"Election Systems Under Attack via Microsoft Zerologon Exploits"

The Cybersecurity Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are warning that advanced persistent threat actors (APTs) are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems.  The adversaries use VPN vulnerabilities to gain initial access and then Zerologon as a post-exploitation method, to compromise government networks.  Exploiting the bug allows an unauthenticated attacker, with network access to a domain controller, to completely compromise all Active Directory identity services.  Microsoft released a patch for the Zerologon vulnerability in August. Despite the patch being issued, many companies have not yet applied the patch to their system. Cybercriminals are taking advantage of that in a recent slew of government-targeted attacks.

Threatpost reports: "Election Systems Under Attack via Microsoft Zerologon Exploits"