Chinese state-sponsored threat group Hafnium has targeted telecommunications, data services, and internet services sectors between August 2021 and February 2022 with the new Tarrask malware aimed at establishing persistence on Windows systems, reports The Hacker News.
Microsoft Threat Intelligence Center researchers discovered that Hafnium leveraged Microsoft Exchange Server zero-day vulnerabilities to deploy the Tarrask malware, which creates hidden scheduled tasks to evade detection and then establishes new registry keys, alongside other web shells.
"In this scenario, the threat actor created a scheduled task named 'WinUpdate' via HackTool:Win64/Tarrask in order to re-establish any dropped connections to their command-and-control (C&C) infrastructure," said researchers.
Hafnium then deleted the security descriptor (SD) value from the task's key under the TaskCache Tree registry path, leaving the task effectively invisible unless the registry itself is inspected, for instance through the Registry Editor.
"The attacks [...] signify how the threat actor Hafnium displays a unique understanding of the Windows subsystem and uses this expertise to mask activities on targeted endpoints to maintain persistence on affected systems and hide in plain sight," they added.
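The hiding technique described above leaves a detectable trace: a task entry under the TaskCache Tree key that has no SD value, and that the Task Scheduler API no longer reports. The following PowerShell script is an added example written for this digest, not code from the article, Microsoft, or the Tarrask analysis. It assumes an elevated session on the Windows host being examined and the built-in ScheduledTasks module (Get-ScheduledTask); the function names are the author's own.

```powershell
# Added example: enumerate the Task Scheduler registry cache and flag task
# entries whose "SD" (security descriptor) value is missing, or that the
# scheduler API no longer lists. Assumes an elevated PowerShell session.

$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'

function Get-TaskCacheEntry {
    # Walk TaskCache\Tree and return one record per task with an HasSD flag.
    [CmdletBinding()]
    param([string]$Root = $TaskCache)

    $treeKey  = Join-Path $Root 'Tree'
    $tasksKey = Join-Path $Root 'Tasks'
    # .Name on a registry key uses the HKEY_LOCAL_MACHINE\... form; keep the
    # Tree prefix so task paths can be cut down to "\Folder\TaskName".
    $treeName = (Get-Item -Path $treeKey).Name

    Get-ChildItem -Path $treeKey -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $props  = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $idProp = $props.PSObject.Properties['Id']
        # Folders and tasks both live under Tree; only tasks have a matching
        # definition key under Tasks\{GUID}, so use that to tell them apart.
        if ($idProp -and (Test-Path -Path (Join-Path $tasksKey $idProp.Value))) {
            [PSCustomObject]@{
                TaskPath = $_.Name.Substring($treeName.Length)      # e.g. \WinUpdate
                Id       = $idProp.Value
                # A task created through the normal API always carries an SD value;
                # its absence is the Tarrask-style hiding the article describes.
                HasSD    = [bool]($props.PSObject.Properties['SD'])
            }
        }
    }
}

function Find-HiddenScheduledTask {
    # Cross-check the registry view against what the scheduler API reports and
    # return entries that are missing SD or that the API does not show.
    [CmdletBinding()]
    param()

    $visible = @{}
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        # TaskPath ends with a backslash ("\Folder\"), so concatenation yields
        # the same "\Folder\Name" form used for the registry entries.
        $visible[$_.TaskPath + $_.TaskName] = $true
    }

    Get-TaskCacheEntry | ForEach-Object {
        $_ | Add-Member -NotePropertyName VisibleToScheduler `
                        -NotePropertyValue $visible.ContainsKey($_.TaskPath) -PassThru
    } | Where-Object { -not $_.HasSD -or -not $_.VisibleToScheduler }
}

# Usage: anything returned here deserves a look at Tasks\{Id}\Actions to see
# what the task runs. An empty result means every cached task has an SD value
# and is visible through the scheduler API.
Find-HiddenScheduledTask | Format-Table -AutoSize
```

The registry walk is deliberately independent of the scheduler service: the point of the SD removal is that the normal enumeration path stops reporting the task, so the only reliable inventory is the one taken directly from TaskCache. Running the comparison on a known-clean build first gives a baseline; on such a host both columns should come back true for every entry.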
Fifty percent more distributed denial-of-service attacks have been launched by threat actors during the first quarter of 2024 over the same period last year, with thwarted DDoS attacks increasing by 93% year-over-year, SiliconAngle reports.
Security Affairs reports that attacks with an updated iteration of the LightSpy iOS spyware using the "F_Warehouse" framework have been deployed against Southern Asian targets as part of a new cyberespionage campaign.
Ukrainian hacking group Blackjack claims to have disrupted Russia's industrial sensor and monitoring infrastructure with a Fuxnet malware attack against Moscow-based underground infrastructure firm Moscollector, SecurityWeek reports.