Microsoft Windows Attacked by Hafnium Group’s “Tarrask” Malware
The Hafnium threat group is one Microsoft has faced before: it caused chaos on Microsoft Exchange servers last year. Now the group is back, this time using the “Tarrask” malware to target Microsoft’s Windows platform.
Hafnium is known as a state-sponsored hacking group. Microsoft says it has found the Tarrask defense evasion malware on Windows systems. According to the Microsoft Detection and Response Team (DART), the operating system remains vulnerable to these attacks.
“As Microsoft continues to track the high priority state-sponsored threat actor HAFNIUM, new activity has been discovered that exploits unpatched zero-day vulnerabilities as initial vectors. Further investigation reveals forensic artifacts of using Impacket tooling for lateral movement and execution and discovery of defense evasion malware called Tarrask that creates ‘hidden’ scheduled tasks, and subsequent actions to remove task attributes, to hide scheduled tasks from the traditional means of identification.”
Microsoft is now tracking Hafnium’s activities and says the group is using new exploit methods to get into the Windows subsystem. For example, it uses a previously unknown vulnerability in Windows to hide Tarrask inside Task Scheduler.
Hidden
One reason the malware is so effective is that it evades detection. It does this by deleting the security descriptor (SD) registry value that every scheduled task should carry. This points to a bug in Windows Task Scheduler for which Microsoft has not yet released a fix.
Microsoft points out that the attack highlights why Hafnium is a threat to Windows:
“The attacks we have described show how the HAFNIUM threat actor displays a unique understanding of the Windows subsystem and uses this expertise to obfuscate activities on targeted endpoints to maintain persistence on affected systems and hide from the public eye.”
This bug actively helps the malware cover its tracks and stay undetected on Windows. Microsoft DART recommends that users enable “TaskOperational” logging, i.e. the Microsoft-Windows-TaskScheduler/Operational event log of Task Scheduler.
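A defender-side check for the hiding technique described above, added here as an example; it is not code from the article or from Microsoft. It assumes the standard Task Scheduler registry layout (the TaskCache\Tree and TaskCache\Tasks keys) and must run in an elevated PowerShell session; it flags task entries whose SD value is gone or that the scheduler no longer lists, and enables the operational log DART recommends.

```powershell
# Assumption: task metadata lives under this key on current Windows builds.
$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'

function Find-HiddenTask {
    # Names the scheduler itself reports, in "\Folder\TaskName" form.
    $visible = @(Get-ScheduledTask -ErrorAction SilentlyContinue |
        ForEach-Object { $_.TaskPath + $_.TaskName })

    Get-ChildItem -Path "$TaskCache\Tree" -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $props = Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue
            # Only real tasks have a matching Tasks\{Id} key; folder keys do not.
            if (-not $props.Id) { return }
            if (-not (Test-Path -LiteralPath "$TaskCache\Tasks\$($props.Id)")) { return }

            # Everything after "...\Tree" is the task's own path, e.g. "\Microsoft\Windows\Foo".
            $taskPath  = $_.Name.Substring($_.Name.IndexOf('\Tree\') + 5)
            $missingSD = ($null -eq $props.SD)          # SD deleted: the hiding trick
            $notListed = ($visible -notcontains $taskPath) # in registry, not in task list
            if ($missingSD -or $notListed) {
                [pscustomobject]@{
                    TaskPath  = $taskPath
                    Id        = $props.Id   # look under TaskCache\Tasks\<Id> for its Actions
                    MissingSD = $missingSD
                    NotListed = $notListed
                }
            }
        }
}

function Enable-TaskSchedulerLog {
    # The log the article recommends; it is often disabled by default.
    $log = Get-WinEvent -ListLog 'Microsoft-Windows-TaskScheduler/Operational'
    if (-not $log.IsEnabled) {
        $log.IsEnabled = $true
        $log.SaveChanges()
    }
    return $log.IsEnabled
}

Find-HiddenTask | Format-Table -AutoSize
Enable-TaskSchedulerLog
```

Any row with MissingSD set deserves a look at the Actions under its TaskCache\Tasks entry before the task is removed, so the payload it launches is captured for the investigation.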