Threat Actors may use hidden windows to conceal malicious activity from the plain sight of users. In some cases, windows that would typically be displayed when an application carries out an operation can be hidden. This may be utilized by system administrators to avoid disrupting user work environments when carrying out administrative tasks.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.