Windows under attack from Chinese threat actors: Microsoft


San Francisco, Apr 13 (IANS): Tech giant Microsoft has alerted users about the latest malware campaigns and cyber threats and informed them that China-based state-sponsored threat actor group Hafnium is stirring the pot once again.

According to Windows Central, this time, the alert is for Tarrask, a "defense evasion malware" that uses Windows Task Scheduler to hide a device's compromised status from itself.

"As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors," the company said in a blogpost.

The attack comes from Hafnium, the state-sponsored, China-based group that users may recall to be a big deal because of its involvement in the Microsoft Exchange meltdown of 2021.

The data gathered during that ordeal has been speculated to be fuel for AI innovations by the Chinese government, the report said.

The company said it is currently tracking Hafnium's activity when it comes to novel exploits of the Windows subsystem.

Hafnium is using Tarrask malware to ensure that compromised PCs remain vulnerable, employing a Windows Task Scheduler bug to clean up trails and make sure that on-disk artifacts of Tarrask's activities don't stick around to reveal what's going on.

The tech giant also demonstrated how threat actors create scheduled tasks, how they cover their tracks, how the malware's evasion techniques are used to maintain and ensure persistence on systems and how to protect against this tactic.

 

  

Top Stories


Leave a Comment

Title: Windows under attack from Chinese threat actors: Microsoft



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.