New research by FireEye’s Mandiant cyber forensics arm has revealed a previously unknown persistence mechanism in which adversaries used Microsoft’s Background Intelligent Transfer Service (BITS) to launch malicious payloads. BITS is a component of Microsoft Windows that uses idle network bandwidth to facilitate the asynchronous transfer of files between machines. The new mechanism is yet another reminder of how a useful tool like BITS can be repurposed by attackers to their own advantage. The researchers have also released a Python utility called BitsParser for parsing BITS database files.
Source: https://thehackernews.com/2021/04/hackers-using-windows-os-feature-to.html

