Microsoft is warning that cybercriminals have started to incorporate exploit code for the ZeroLogon vulnerability in their attacks. The alert comes after the company noticed ongoingattacks from cyber-espionage group MuddyWater (SeedWorm) in the second half of September.
This time, the threat actor is TA505, an adversary who is indiscriminate about the victims it attacks, with a history starting with the distribution of Dridex banking trojan in 2014.
Over the years, the actor has been in attacks delivering a wide variety of malware, from backdoors to ransomware.
Source: BleepingComputer