Microsoft’s detection and response group and the company’s threat intelligence center have found a new attack targeting the Windows operating system that exploits a previously unknown security vulnerability.
The tool used is called Tarrask and the group responsible for the occupation, HAFNIUMA gang of Chinese origin and affiliated with the local government. The threat has been tracked by Microsoft for over a year – they would be responsible for an attack on the dev’s servers as well as Microsoft Exchange. However, the country has denied all allegations of links to cybercriminals.
The malware in question does not act alone and Task Scheduler hiding it, making it more difficult to detect by security systems, and ensuring that the threat persists even after the system is rebooted. In this way, it can make compromised machines vulnerable to attacks by other tools.
Do you have a solution?
HAFNIUM’s targets are often institutes such as cybersecurity researchers, defense industry-related companies and think tanks. For now, the only defense against Tarrask is a manual inspection of incorrect timings in the Windows registry, but the company should work on an automated solution for the future.
Source: Tec Mundo
