The HAFNIUM threat actor is using an unconventional method to tamper scheduled tasks in order to establish persistence via modification of registry keys in their malware called Tarrask. The benefit of using registry keys is that enables the threat actor to create stealthy scheduled tasks for persistence by avoiding to utilize traditional execution methods. The … Continue reading Scheduled Task Tampering