Microsoft has issued an alert to users about the latest malware campaigns and cyber threats, warning that the China-based state-sponsored threat actor group Hafnium is stirring the pot once more.
The alert this time is for Tarrask, a “defence evasion malware” that uses Windows Task Scheduler to conceal the fact that a device has been compromised, according to Windows Central.
“As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors,” the company said in a blog post.
The attack is the work of Hafnium, a state-sponsored, China-based group that users may recall as a major player in the 2021 Microsoft Exchange meltdown.
According to the report, the data gathered during that ordeal is thought to be fuel for the Chinese government’s AI innovations.
The company stated that it is currently monitoring Hafnium’s activity with regard to novel exploits of the Windows subsystem.
Hafnium is employing Tarrask malware to keep compromised PCs vulnerable, using a Windows Task Scheduler bug to clean up trails and ensure that on-disk artefacts of Tarrask’s activities don’t remain to reveal what’s going on.
The tech titan also demonstrated how threat actors create scheduled tasks, how they hide their tracks, how malware evasion techniques are used to maintain and ensure persistence on systems, and how to defend against this tactic.