Microsoft said that Iranian state-sponsored hacker groups have been exploiting the Zerologon vulnerability in real-world hacking attacks. Each successful attack would let the threat actors take control of servers known as domain controllers (DCs). Domain controllers are the core of most enterprise networks, so compromising one gives attackers complete access to the target.
Microsoft’s Threat Intelligence Center (MSTIC) detected the Iranian breaches and said that the attacks have been ongoing for a minimum of 2 weeks. Microsoft identifies the Iranian group as “Mercury” and named it in a short tweet regarding the attacks. The organization urged users to patch the vulnerability. The hacker group is also known by the moniker “MuddyWater.”