Microsoft said on Monday that Iranian state-sponsored hackers are currently exploiting the Zerologon vulnerability in real-world hacking campaigns. From a report: Successful attacks would allow hackers to take over servers known as domain controllers (DC) that are the centerpieces of most enterprise networks and enable intruders to gain full control over their targets. The Iranian attacks were detected by Microsoft’s Threat Intelligence Center (MSTIC) and have been going on for at least two weeks, the company said today in a short tweet. MSTIC linked the attacks to a group of Iranian hackers that the company tracks as MERCURY, but who are more widely known under their moniker of MuddyWater. The group is believed to be a contractor for the Iranian government working under orders from the Islamic Revolutionary Guard Corps, Iran’s primary intelligence and military service.

Source: Slashdot