
ZeroLogon

Posted: November 19, 2020

ZeroLogon is the nickname given to a Microsoft Windows vulnerability that has been catalogued as CVE-2020-1472. Cybersecurity experts have rated the vulnerability 10 out of 10 on the Common Vulnerability Scoring System (CVSS), the maximum severity. Initially, some believed that it would be a long time before the ZeroLogon vulnerability was used in the wild, but it appears that an Advanced Persistent Threat (APT) actor has already employed ZeroLogon in its operations.

The first identified threat actor to use the ZeroLogon vulnerability is APT10, also known as Cicada and Stone Panda. This group has a long history in the world of cybercrime, and its operations can be traced back to 2009. In its ZeroLogon-related campaign, the group targets organizations in the automotive, pharmaceutical, and engineering industries. The majority of the operation's targets are located in Japan, but the APT10 attack has also reached targets in other regions.

Of course, exploiting the ZeroLogon vulnerability is just a small piece of APT10's recent campaign. The attacks also involved old and new malware families such as the well-known QuasarRAT and the newly identified Backdoor.Hartip. The latter is believed to be a custom Trojan backdoor used exclusively by the APT10 hackers. Cybersecurity experts note that APT10's operation may have been running for over a year, but the group only recently began employing the ZeroLogon vulnerability. The attack emphasizes data theft and cyber espionage: the criminals allegedly misappropriated corporate records, documents, calendar schedules and expense information from their victims.

Advanced Persistent Threat (APT) actors are often state-sponsored, which gives them access to some of the most advanced malware and exploits seen online. APT10, however, has not yet been linked to state-sponsored activity. Regardless, the group has repeatedly proven its expertise by being among the first gangs to adopt the newest infection vectors. Its use of the ZeroLogon vulnerability is a major concern, as it suggests that other criminals may start leveraging the same vulnerability very soon.
