Chinese threat actor Hafnium targeted an un-patched zero-day vulnerability in Zoho products to implant a web shell. Hafnium exploited the Windows Task Scheduler to execute hidden scheduled tasks, allowing the malware to avoid detection.
- Telecommunication companies, internet service providers, and the data services sector
Suspected state sponsor
Type of incident
- Private sector