The infamous Hafnium group which successfully targeted on-premises Microsoft Exchange servers is now going after Windows using Tarrask malware which evades detection by cleaning its activities.
The infamous Hafnium hacking group, which wreaked havoc on Microsoft Exchange servers, is back. But this time, Microsoft is well aware of the state-sponsored threat actor group’s activities. The company knows the group is utilizing ‘Tarrask’ malware to target and consistently weaken defenses of the Windows operating system. The Hafnium group is utilizing Tarrask, a « defense evasion malware », to evade Windows defenses and ensure compromised environments remain vulnerable, explained the Microsoft Detection and Response Team (DART) in a blog post: Microsoft is actively tracking Hafnium’s activities and is aware the group is using novel exploits within the Windows subsystem.
