Microsoft warns of rise of hackers exploiting publicly disclosed vulnerabilities

According to a new Microsoft study, nation-state groups are becoming a more dangerous threat as they increasingly target critical infrastructures and rapidly exploit zero-day vulnerabilities. Moreover, these nation-state and criminal actors are increasingly exploiting publicly disclosed zero-day vulnerabilities to violate target environments.

It also said that it has “observed a reduction in the time between the announcement of a vulnerability and the commoditization of that vulnerability,” which makes it imperative that organizations patch such exploits on time.

In addition, Microsoft discovered that these actors “have begun to use innovation in automation, cloud infrastructure, and remote access technologies to attack a broader set of targets.” More advanced spoofing methodologies, a shift to targeting the IT services supply chain, and improved tactics to exploit zero-day vulnerabilities before they are publicly disclosed and patched, are part of this strategy.

It points out that, on average, it takes only 14 days for a malicious code to be available to the public after a bug becomes public, and that zero-day attacks, while initially strictly limited, are quickly adopted by other threat actors, leading to uncontrolled probing events before patches are installed.

And some of the vulnerabilities that were first exploited by Chinese actors before being picked up by other hostile groups include: CVE-2021-35211, CVE-2021-40539, CVE-2021-44077, CVE-2021-42321, and CVE-2022-26134.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web