Notorious hacker group Hafnium deploys malicious code against Windows, and Microsoft stands its ground
But this time, the Redmond company seems to be well prepared when claiming to have information about the hacker group's activities. Microsoft security experts say Hafnium is using a strain of malware called 'Tarrask' to target and repeatedly weaken the defenses of the Windows operating system in general.
Specifically, according to Microsoft's preliminary investigation, the Hafnium team is using Tarrask, a "defence-evasion malware", to bypass Windows' security defenses and ensure that compromised environments remain vulnerable. Explaining the issue, the Microsoft Detection and Response Team (DART) said in a blog post:
During high-priority HAFNIUM threat actor monitoring, we discovered that some unpatched Windows zero-day vulnerabilities were abused by hackers as initial attack vectors. Further investigation revealed indications that the Impacket engine was used to carry out malicious activity laterally, and uncovered defense-evading malware called Tarrask. It creates 'hidden' scheduled tasks, with actions that clear task attributes, to hide its activity.
Microsoft is actively monitoring Hafnium activities and is aware that this group is abusing a new exploit targeting the Windows subsystem. Malicious actors appear to be exploiting a previously unknown Windows bug to hide malware from "schtasks/query" and Task Scheduler.
The malware evades detection by Windows security tools by deleting the associated Security Descriptor registry value. In simple terms, an unpatched Windows Task Scheduler bug is helping malware wipe its tracks and effectively hide itself from the operating system's active defenses.
Technical terms aside, Hafnium appears to be using "hidden" scheduled tasks to keep access to compromised devices even after multiple reboots. As with any malware, Tarrask uses that persistence to re-establish connections with its Command-and-Control (C2) infrastructure.
The Microsoft DART team not only issues a warning, but also recommends that users enable 'TaskOperational' logging in the Microsoft-Windows-TaskScheduler/Operational log. This will make it easier for system administrators to spot suspicious task activity and connections from important Tier 0 and Tier 1 assets.
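The following PowerShell is an added example, not code from the article or from Microsoft's post: it lists tasks in the Task Scheduler registry cache that lack the Security Descriptor ('SD') value the article says the malware deletes, compares them against what the Task Scheduler API reports, and turns on the operational log DART recommends. It assumes the standard TaskCache registry location and must be run elevated.

```powershell
# Added defensive check (assumption: standard TaskCache path, run as administrator).
$TaskTree = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

# Return registered tasks whose 'SD' value is missing. Folder keys under Tree carry
# no 'Id' value, so requiring 'Id' filters them out and leaves only real task entries.
function Get-TaskWithoutSD {
    param([string]$Root = $TaskTree)
    Get-ChildItem -Path $Root -Recurse | ForEach-Object {
        $props = Get-ItemProperty -Path $_.PSPath
        if ($props.PSObject.Properties['Id'] -and -not $props.PSObject.Properties['SD']) {
            [pscustomobject]@{
                # Strip the provider prefix so the path reads like '\Microsoft\Windows\...\Name'
                TaskPath = $_.PSPath -replace '^.*\\Tree', ''
                Id       = $props.Id
            }
        }
    }
}

# Cross-check: a task present in the registry but absent from Get-ScheduledTask
# matches the "hidden from schtasks /query" behaviour described in the article.
function Compare-HiddenTask {
    $visible = Get-ScheduledTask | ForEach-Object { $_.TaskPath + $_.TaskName }
    Get-TaskWithoutSD | Where-Object { $visible -notcontains $_.TaskPath }
}

# Enable Microsoft-Windows-TaskScheduler/Operational so task creation, update and
# deletion are recorded going forward (EventLogConfiguration exposes IsEnabled).
function Enable-TaskSchedulerOperationalLog {
    $log = Get-WinEvent -ListLog 'Microsoft-Windows-TaskScheduler/Operational'
    if (-not $log.IsEnabled) {
        $log.IsEnabled = $true
        $log.SaveChanges()
    }
}

Enable-TaskSchedulerOperationalLog
Compare-HiddenTask | Format-Table -AutoSize
```

Any row printed by Compare-HiddenTask deserves manual review of the task's Actions and Triggers before deletion, since legitimate tooling does not normally strip the SD value.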