May 29, 2023

Microsoft in september released a statement on Netlogon vulnerability that persisted in windows server active directory . Tracked this Vulnerability as CVE 2020-1472 elevation of privilege,The flaw exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller using MS-NRPC Microsoft released a patch in Aug 2020 . Urged the users to patch it immediately

As expected , Exploiting this Vulnerability gone wild. Earlier this month Iranian APT group Mercury known to be muddywater exploited actively . Now another APT group known to be exploiting it. TA505 APT a Russian group known for spreading Tridex malware and locky Ransomware

TA505, which Microsoft calls Chimborazo, is distributing fake updates that lead to UAC bypass and using wscript[.]exe to run malicious code. To exploit this vulnerability, the attackers abuse MSBuild[.]exe to compile Mimikatz updated with built-in Microsoft functionality, Attacks showing up in commodity malware like those used by the threat actor Chimborazo indicate broader exploitation in the near term,”

Tags:

1 thought on “TA 505 ! Exploits Zerologon

  1. Pingback: Ransomware name game Distraction – TheCyberThrone

Leave a Reply

You may have missed

CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
Apria Data Breach affects 2 million customers

Apria Data Breach affects 2 million customers

May 27, 2023
CosmicEnergy Malware Shutting Electric grid

CosmicEnergy Malware Shutting Electric grid

May 27, 2023
Operation Magalenha from Brazil

Operation Magalenha from Brazil

May 27, 2023
%d bloggers like this: