MERCURY, the Iranian advanced persistent threat group, is using Zerologon in a new series of attacks detected by Microsoft.