Microsoft has issued an alert to users about the latest malware campaigns and cyber threats, and about renewed targeting by Hafnium, a China-based state-sponsored threat actor.
The Microsoft alert concerns Tarrask, a “defense evasion malware” that leverages Windows Task Scheduler to hide a device’s compromised status from itself, according to Windows Central.
Microsoft said in a blog post: “As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors.”
The attack is carried out by Hafnium, a state-sponsored Chinese group that users may recall as a major player in the Microsoft Exchange meltdown of 2021.
According to the report, the data gathered during that ordeal is speculated to be used by the Chinese government to fuel AI innovations.
Microsoft said that it is currently monitoring Hafnium’s activity with regard to new exploits of the Windows subsystem.
Hafnium is using the Tarrask malware to keep infected PCs vulnerable. The malware uses a Windows Task Scheduler weakness to cover its tracks and ensure that no on-disk artifacts of Tarrask’s activities remain to indicate what’s going on.
Microsoft also demonstrated how threat actors create scheduled tasks, hide their traces, and use malware evasion techniques to maintain and ensure persistence on systems, as well as how to protect against this tactic.