A newly discovered APT attack has been combining VPN exploits with the Zerologon bug. It is considered a serious threat because the vulnerabilities are exploited to gain access to networks. The aftermath of the attacks is still being observed, but the bug is first used to gain initial access to Active Directory. Then, using stolen legitimate credentials, the attackers are able to connect to virtual environments through RDP and VPN. There is talk that this might have some influence over the upcoming election, as many government and non-government agencies are being attacked. Tracked activity shows that the attackers target multiple sectors, not just SLTT entities. CISA and the FBI are finding mitigation techniques and pushing out best practices to decrease the risk of an attack.
https://www.infosecurity-magazine.com/news/attackers-chaining-zerologon-with/