Following up on my post from September 16 titled Breaking News from the CompTIA ISAO: Microsoft confirmed in a tweet today that the Zerologon vulnerability has been actively exploited for at least the last two weeks.
The vulnerability, about which the CompTIA ISAO was among the first to alert its members, allows a hacker to take control of an Active Directory Domain Controller. Once this type of server is successfully breached, access to it essentially hands the hackers the keys to the kingdom, allowing them to navigate and exploit just about every aspect of the network.
Many news sources are indicating that the most prolific hacking groups exploiting this vulnerability are tied to the Iranian government. The hacking groups known as Mercury and MuddyWater are reportedly tied to Iran's intelligence service. If true, this is a clear case of state-sponsored hacking against commercial and other targets.
This situation underscores the existential nature of cyber threats today.