
Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits
2022-07-29 02:58

A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited and highly targeted attacks against European and Central American entities.

The company, which Microsoft describes as a private-sector offensive actor and tracks as KNOTWEED, is an Austria-based outfit called DSIRF that's linked to the development and attempted sale of a cyberweapon referred to as Subzero, which can be used to hack targets' phones, computers, and internet-connected devices.

Similar attack chains observed in 2021 leveraged a combination of two Windows privilege escalation exploits in conjunction with an Adobe Reader flaw.

Microsoft said it uncovered KNOTWEED actively serving malware since February 2020 through infrastructure hosted on DigitalOcean and Choopa, alongside identifying subdomains that are used for malware development, debugging malware, and staging the Subzero payload. Multiple links have also been unearthed between DSIRF and the malicious tools used in KNOTWEED's attacks.

"These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF," Redmond noted.

Google's Threat Analysis Group, which is tracking over 30 vendors that hawk exploits or surveillance capabilities to state-sponsored actors, said the booming ecosystem underscores "the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments."


News URL

https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html

Related vendor

VENDOR      LAST 12M / #PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Microsoft   480                    75    2308     5127   264        7774
Adobe       112                    77    1333     1988   640        4038