19 Jan 2021

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Microsoft is allegedly pushing a domain controller “enforcement mode” by default to help mitigate the threat posed by the critical Zerologon flaw. Microsoft is aiming to force all companies to update their systems and address the flaw, as it represents a severe security risk to businesses, agencies, and organizations. Microsoft

12 Oct 2020

Critical Zerologon Flaw Exploited in TA505 Attacks

Microsoft has reported a new campaign utilizing the critical Zerologon vulnerability previously disclosed to the public. Just days after the nation-state hacking group Mercury was observed leveraging the flaw, the Russian-speaking threat group TA505, known for the Dridex banking Trojan and Locky ransomware, has been using the same

07 Oct 2020

Microsoft Zerologon Flaw Under Attack By Iranian Nation-State Actors

Microsoft has released a warning concerning the Mercury APT group and their active exploitation of the Zerologon vulnerability in campaigns occurring over the past two weeks. Mercury APT is an Iranian nation-state threat actor leveraging the critical flaw to attack organizations; the group has also been referred to as MuddyWater, Static

01 Oct 2020

Zerologon Attacks Against Microsoft DCs Snowball in a Week

Last week, the first active exploits of the Microsoft Zerologon vulnerability (CVE-2020-1472) were flagged. Now, just over a week later, threat actors are leveraging the bug to attempt to take over Active Directory identity services as security researchers observe a massive spike in the bug’s exploitation attempts. Researchers at Cisco
