Microsoft stated in a blog post that, as it continues to track the high-priority state-sponsored threat actor HAFNIUM, it has discovered new activity that uses unpatched zero-day vulnerabilities as initial vectors.
Readers may recognize Hafnium as the state-sponsored, China-based group notable for its role as the source of the attack in the Microsoft Exchange meltdown of 2021.
Data collected throughout that ordeal has been the Chinese government’s efforts to advance artificial intelligence, according to the report.
Source: Windows Central
The company said it is monitoring Hafnium's activity in relation to new Windows subsystem exploits.
Hafnium uses the Tarrask malware to keep infected computers vulnerable. To cover its tracks and ensure that any on-disk artifacts left over from Tarrask's actions do not reveal what is going on, it exploits a Windows Task Scheduler issue.
Source: BBC News
The IT giant also illustrated how the threat actors set up scheduled tasks, conceal their activities, and maintain malware persistence on systems, and how to defend against this strategy.