Tarrask is a new malware identified by Microsoft that the Chinese-sponsored hacker group Hafnium uses to maintain persistence on compromised Windows PCs by creating and hiding scheduled tasks. The Hafnium group has been seen expanding its targeting over time to selected sectors such as telecommunications, internet service providers, and data services. The threat actors have reportedly been seen using unpatched zero-day vulnerabilities as initial vectors and then Impacket tooling for lateral movement and execution. They also deploy the defense-evading Tarrask malware, which creates hidden scheduled tasks and then removes the task attributes so that the scheduled tasks cannot be identified by conventional methods. The hidden scheduled tasks in this campaign are used to re-establish outbound connections to command-and-control (C2) infrastructure, allowing the attackers to keep access to vital assets exposed to the internet even after a restart.
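One way to hunt for tasks that conventional listing misses, as an added example that is not part of the original article or of Microsoft's tooling: it compares the Task Scheduler registry cache with what `Get-ScheduledTask` returns and also flags entries without an `SD` (security descriptor) value, the indicator Microsoft's public Tarrask guidance tells defenders to look for. The function name `Find-HiddenScheduledTask` is hypothetical, and treating keys that carry an `Id` value as task entries is an assumption about the cache layout.

```powershell
# Added example (not from the original article). Run from an elevated prompt,
# otherwise Get-ScheduledTask may omit tasks and produce false positives.
$TreeKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'

function Find-HiddenScheduledTask {
    param([string]$Root = $TreeKey)

    # Tasks visible through the normal API, keyed by full path (e.g. \Folder\Name).
    $visible = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    Get-ScheduledTask | ForEach-Object { [void]$visible.Add($_.TaskPath + $_.TaskName) }

    # Walk the registry cache; keys the caller cannot read are skipped silently.
    Get-ChildItem -Path $Root -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $values = $_.GetValueNames()

        # Assumption: task entries carry an Id value, folder keys do not.
        if ($values -notcontains 'Id') { return }

        # Turn HKEY_LOCAL_MACHINE\...\TaskCache\Tree\Folder\Name into \Folder\Name.
        $taskPath = $_.Name -replace '^.*?\\TaskCache\\Tree', ''
        $hasSD    = $values -contains 'SD'
        $listed   = $visible.Contains($taskPath)

        # Report entries the API does not list or that lack a security descriptor.
        if (-not $hasSD -or -not $listed) {
            [pscustomobject]@{
                TaskPath    = $taskPath
                TaskId      = $_.GetValue('Id')
                HasSD       = $hasSD
                ListedByApi = $listed
            }
        }
    }
}

Find-HiddenScheduledTask | Format-Table -AutoSize
```

Any row returned is a lead to review against known software on the host, not proof of compromise.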