December 8, 2023

Microsoft in september released a statement on Netlogon vulnerability that persisted in windows server active directory . Tracked this Vulnerability as CVE 2020-1472 elevation of privilege,The flaw exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller using MS-NRPC Microsoft released a patch in Aug 2020 . Urged the users to patch it immediately

As expected , Exploiting this Vulnerability gone wild. Earlier this month Iranian APT group Mercury known to be muddywater exploited actively . Now another APT group known to be exploiting it. TA505 APT a Russian group known for spreading Tridex malware and locky Ransomware

TA505, which Microsoft calls Chimborazo, is distributing fake updates that lead to UAC bypass and using wscript[.]exe to run malicious code. To exploit this vulnerability, the attackers abuse MSBuild[.]exe to compile Mimikatz updated with built-in Microsoft functionality, Attacks showing up in commodity malware like those used by the threat actor Chimborazo indicate broader exploitation in the near term,”

Tags:

1 thought on “TA 505 ! Exploits Zerologon

  1. Pingback: Ransomware name game Distraction – TheCyberThrone

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Meta enables Messenger with E2EE by Default

December 8, 2023

CISA KEV Update Part II – December 2023

December 7, 2023

Atlassian fixes critical RCE vulnerabilities in its products

December 6, 2023

Microsoft Echo’s on APT 28 exploiting CVE-2023-23397

December 5, 2023

Papercut Privilege Escalation Vulnerability Unearthed

December 5, 2023

DanaBot Trojan Deploying Cactus Ransomware

December 4, 2023
%d