Microsoft says Windows under attack from Chinese threat actors using stealth malware

Microsoft Logo
Microsoft Logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • China-based state-sponsored threat actor group Hafnium is stirring the pot once again.
  • You may remember Hafnium from the Microsoft Exchange server drama of early 2021.
  • Now, Hafnium is utilizing malware to evade Windows defenses and ensure compromised environments remain vulnerable.

Microsoft is once again sounding the alarm so that you, the user, stay informed about the latest malware campaigns and cyber threats. This time, the alert is for Tarrask, a "defense evasion malware" that uses Windows Task Scheduler to hide a device's compromised status from itself.

The attack comes from Hafnium, the state-sponsored, China-based group that you may recall to be a big deal because of its involvement in the Microsoft Exchange meltdown of 2021. The data gathered during that ordeal has been speculated to be fuel for AI innovations by the Chinese government.

Microsoft is currently tracking Hafnium's activity when it comes to novel exploits of the Windows subsystem. Hafnium is using Tarrask malware to ensure that compromised PCs remain vulnerable, employing a Windows Task Scheduler bug to clean up trails and make sure that on-disk artifacts of Tarrask's activities don't stick around to reveal what's going on.

Tarrask Malware Hiding Tracks

Source: Microsoft (Image credit: Source: Microsoft)

Microsoft has high-level recommendations for how to combat Tarrask, which you can check out at the company's blog post on the subject (via BleepingComputer). Cyber resistance guidance in this case includes modifying audit policies, checking for scheduled tasks without SD (security descriptor) values, and more.

If you find these sorts of Microsoft PSAs to be useful, be sure to check out the company's security summit on May 12, wherein it will explore the latest cybersecurity threats in-depth and give you a chance to ask Redmond's in-house experts questions live.

CATEGORIES
Robert Carnevale

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.

Read more
Binary code displayed on a laptop screen and Guy Fawkes mask are seen in this illustration photo.
Microsoft blocks critical Secure Boot loophole after over 7 months — fortifying Windows 11 against sophisticated firmware attacks camouflaged as verified UEFI apps
Apple Store in Bangkok, Thailand
Microsoft flags macOS bug — remotely bypassing Apple's sophisticated System Integrity Protection (SIP) security solution and allowing unauthorized third-party rootkit installs
Microsoft Edge Scareware blocker
How to enable Edge's Scareware blocker and protect yourself from online scams
Surface Pro 11
New Surface Pro details emerge as Microsoft prepares to downgrade Windows 10 and OpenAI is accused of cheating on AI benchmarks
A DeepSeek artificial intelligence logo and icons on various smartphones or laptops.
DeepSeek is reportedly sending intricate user data to Chinese telecom despite US ban — weeks after suffering a "large-scale cyberattack"
Satya Nadella contemplating during the annual Microsoft shareholders meeting.
Microsoft CEO Satya Nadella touts DeepSeek's open-source AI as "super impressive": "We should take the developments out of China very, very seriously"
Latest in Microsoft
Cloud servers
Microsoft has killed "several" data center projects in the U.S. and Europe, according to reports — Microsoft responds (Updated)
Steve Ballmer and Bill Gates, former CEOs of Microsoft.
Bill Gates says Satya Nadella almost missed the cut for CEO of Microsoft — Even with Steve Ballmer's support
HP Reverb G2 VR headset
Was Windows Mixed Reality as bad as I remember? I look back at the failed VR platform that was ahead of its time.
Microsoft Majorana 1 chip designed for quantum computing
Microsoft dismisses quantum computing skepticism: "There is a century-old scientific process established by the American Physical Society for resolving disputes"
The Microsoft logo on a smartphone and laptop arranged in Crockett, California, US, on Friday, Dec. 29, 2023.
"Would you say there is a reasonable balance between what you contribute to Microsoft and what you get in return?" Two-thirds of Microsoft employees say YES — as AI engineers get preferential compensation packages.
Like a Dragon Pirate Yakuza in Hawaii screenshot
Microsoft blocks (some) Windows 11 pirates while Lenovo steals the show at Mobile World Congress
Latest in News
Cloud servers
Microsoft has killed "several" data center projects in the U.S. and Europe, according to reports — Microsoft responds (Updated)
Photo of Microsoft's new sign-in page for Xbox.com using the Microsoft Edge browser.
Over one billion users will get a new Microsoft user experience, and it has a dark mode
The Thing: Remastered key art
The Thing comes to Xbox Cloud Gaming's "Stream Your Own Game" library alongside other new arrivals
Promotional screenshot of heroes fighting a giant in Pillars of Eternity
Obsidian's classic Baldur's Gate successor 'Pillars of Eternity' is getting a surprise turn-based mode later this year, alongside other updates
Atomfall
Atomfall reviews and Metacritic scores are in: Here's a roundup of what everyone's saying about this new Game Pass survival game
Screenshot of one of the new flat world presets in Minecraft.
Minecraft testing new flat world presets and a better way to locate your friends in-game