SolarMarker campaign used novel registry changes to establish persistence

By inserting custom file-handling rules for a randomly created file extension and a .LNK in Windows’ Startup folder, the malware installer created a stealthy persistence mechanism for the backdoor.

Article Link: SolarMarker campaign used novel registry changes to establish persistence – Sophos News
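A defender can hunt for the pairing described above by correlating Startup-folder shortcuts with per-user file-type handlers. The following is an added example, not code from the Sophos article; it assumes the handler is registered under `HKCU\Software\Classes`, that shortcut targets have already been resolved, and the extension name, paths, allowlist and interpreter list are all constructed for illustration.

```python
import ntpath
import re

# Constructed excerpt of a `reg export HKCU\Software\Classes` dump (not from the article).
REG_EXPORT = r'''
[HKEY_CURRENT_USER\Software\Classes\.qzxvbnrt]
@="qzxvbnrt_file"
[HKEY_CURRENT_USER\Software\Classes\qzxvbnrt_file\shell\open\command]
@="powershell -command \"<placeholder>\""
[HKEY_CURRENT_USER\Software\Classes\.txt]
@="txtfile"
[HKEY_CURRENT_USER\Software\Classes\txtfile\shell\open\command]
@="notepad.exe \"%1\""
'''
# Constructed (shortcut, resolved target) pairs from a user's Startup folder.
STARTUP = "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\"
STARTUP_LNKS = [(STARTUP + "a1b2.lnk", r"C:\Users\u\AppData\Roaming\kdjf\x.qzxvbnrt"),
                (STARTUP + "notes.lnk", r"C:\Users\u\Documents\todo.txt")]

CLASSES = "hkey_current_user\\software\\classes\\"
KNOWN_EXTS = {".exe", ".txt", ".bat", ".cmd", ".url"}   # assumed allowlist
INTERPRETERS = re.compile(r"\b(powershell|pwsh|cmd|wscript|cscript|mshta)(\.exe)?\b", re.I)

def parse_default_values(reg_text):
    # Map each key below Software\Classes (lower-cased) to its default (@) value.
    values, key = {}, None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and key.startswith(CLASSES) and line.startswith('@="') and line.endswith('"'):
            values[key[len(CLASSES):]] = re.sub(r"\\(.)", r"\1", line[3:-1])  # undo .reg escaping
    return values

def handler_for(ext, values):
    # Follow extension -> ProgID -> shell\open\command; None if no per-user handler.
    progid = values.get(ext.lower())
    return values.get(progid.lower() + r"\shell\open\command") if progid else None

def audit_startup(shortcuts, reg_text):
    values, findings = parse_default_values(reg_text), []
    for lnk, target in shortcuts:
        ext = ntpath.splitext(target)[1].lower()
        command = handler_for(ext, values)
        if command is None:
            continue
        reasons = []
        if ext not in KNOWN_EXTS:
            reasons.append("unrecognised extension with per-user handler")
        if INTERPRETERS.search(command):
            reasons.append("handler launches a script interpreter")
        if reasons:
            findings.append({"lnk": ntpath.basename(lnk), "ext": ext,
                             "command": command, "reasons": reasons})
    return findings
```

On a live host the two inputs would come from resolving the `.lnk` files in each user's Startup folder and exporting that user's `Software\Classes` hive.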