Notorious hacker group Hafnium deployed malicious code to target Windows, Microsoft stood still
But this time, the Redmond company seems to be well prepared when claiming to have information about the hacker group's activities. Microsoft security experts say Hafnium is using a strain of malware called 'Tarrask' to target and repeatedly weaken the defenses of the Windows operating system in general.
Specifically, according to Microsoft's preliminary investigation, the Hafnium team is using Tarrask, a "defence-evasion malware", to bypass Windows' security defenses and ensure compromised environments. Import is still vulnerable. Explaining the issue, the Microsoft Detection and Response Team (DART) said in a blog post:
During high-priority HAFNIUM threat agent monitoring, we discovered that some unpatched Windows zero-day vulnerabilities were abused by hackers as initial attack vectors. Further investigation revealed indications of using the Impacket engine to deploy malicious activity horizontally, and discovered defense-evading malware called Tarrask. It creates 'hidden' scheduled tasks, with actions to clear task attributes, to hide its activity.
Microsoft is actively monitoring Hafnium activities and is aware that this group is abusing a new exploit targeting the Windows subsystem. Malicious actors appear to be exploiting a previously unknown Windows bug to hide malware from "schtasks/query" and Task Scheduler.
The malware evades detection by Windows security tools by deleting the associated Security Descriptor registry value. In simple terms, an unpatched Windows Task Scheduler bug is helping malware wipe its tracks and effectively hide itself from the operating system's active defenses.
Technical terms aside, it's conceivable that Hafnium appears to be using "hidden" scheduled tasks to keep access to compromised devices even after multiple reboots. As with any malware, even Tarrask re-establishes connections with Command-and-Control (C2) infrastructure.
The Microsoft DART team not only issues a warning, but also recommends that users enable logging for 'TaskOperational' in the Microsoft-Windows-TaskScheduler/Operational Task Scheduler log. This will make it easier for system administrators to find suspicious connections from important Tier 0 and Tier 1 assets.
You should read it
- Watch out for new dangerous viruses similar to WannaCry
- Microsoft proves Windows 10 computers are vulnerable to hacking to advertise Windows 11
- Apple announced a new, more diverse level of security bug detection bonus
- More than 1,300 phishing kits are being sold on the hacker forum
- There has been hack Among Us and this is how you find out hacker
- With just one link, hacking Facebook accounts has never been so easy
- Here's how I hack 40 websites in 7 minutes
- The latest iOS 11 has been hacked !!!
- The corner of getting rich: A company hung a $ 1 million prize for anyone who hacked WhatsApp and iMessage
- Hackers demand $ 50K from the hacker forum, otherwise they will give no Fed
- Can cybercriminals use ChatGPT to hack your bank or PC?
- How to Unauthorized Access (Hack) a website
Maybe you are interested
How to fix the missing language bar error on Windows 11 extremely quickly
Turn off these visual effects to make Windows run smoother!
7 Ways to Customize Windows 11 Notepad
8 settings to change to make your Mac trackpad and keyboard work like Windows
How to add fonts to Word in Windows computer
How to use the file search command on Windows, find saved files