Microsoft Uncovers Austrian Company Exploiting Windows and Adobe Zero-Day Exploits (Security News, July 2022)
A cyber mercenary that "ostensibly sells general security and information analysis services to commercial customers" used several Windows and Adobe zero-day exploits in limited, highly targeted attacks against European and Central American entities.
The company, which Microsoft describes as a private-sector offensive actor (PSOA) and tracks as KNOTWEED, is an Austria-based outfit called DSIRF. It is linked to the development and attempted sale of a cyberweapon referred to as Subzero, which can be used to compromise targets' phones, computers, and internet-connected devices.
Similar attack chains observed in 2021 combined two Windows privilege escalation exploits with an Adobe Reader flaw.
Microsoft said it found KNOTWEED actively serving malware since February 2020 from infrastructure hosted on DigitalOcean and Choopa, and identified subdomains used for malware development, for the Mex debugging tool, and for staging the Subzero payload. Multiple links have also been established between DSIRF and the malicious tools used in KNOTWEED's attacks.
"These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF," Redmond noted.
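The code-signing link is the one indicator a defender can check directly on disk: any binary signed with that certificate carries the signer's subject in its Authenticode signature, whether or not the certificate has since been revoked. The script below is an added example, not code from the article or from Microsoft; it walks a directory tree with the built-in Get-AuthenticodeSignature cmdlet and reports every PE file whose signer subject matches a watch-list. The watch-list entry `CN=Example Signer GmbH`, the default root path and the parameter names are illustrative assumptions; substitute the signer subject you are actually hunting for.

```powershell
# Added example (not from the article or from Microsoft): hunt a directory tree
# for PE files whose Authenticode signer matches a watch-listed subject string.
# $WatchSubjects is a hypothetical watch-list; replace it with the real subject.
param(
    [string]$Root = 'C:\Users',                               # assumed starting point
    [string[]]$WatchSubjects = @('CN=Example Signer GmbH')    # assumed, illustrative
)

$hits = Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        # Do not filter on $sig.Status: a certificate revoked after the fact still
        # names its signer, and an attacker-signed file may validate as 'Valid' if
        # the revocation has not reached this host yet. Match on the subject.
        if ($sig.SignerCertificate) {
            foreach ($s in $WatchSubjects) {
                if ($sig.SignerCertificate.Subject -like "*$s*") {
                    [pscustomobject]@{
                        Path       = $_.FullName
                        Status     = $sig.Status
                        Subject    = $sig.SignerCertificate.Subject
                        Thumbprint = $sig.SignerCertificate.Thumbprint
                        NotAfter   = $sig.SignerCertificate.NotAfter
                        Sha256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
                    }
                }
            }
        }
    }

# Thumbprint and SHA-256 are what you pivot on afterwards (cert transparency,
# VirusTotal, other hosts); Status tells you whether the OS still trusts it.
$hits | Format-Table -AutoSize
```

Run it from an elevated prompt so protected paths are readable, and widen `$Root` to the drive root for a full sweep. The subject match is a substring match, so a signer's exact subject string is preferable to a bare organisation name if you want to avoid false positives on similarly named legitimate publishers.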
Google's Threat Analysis Group, which is tracking more than 30 vendors that sell exploits or surveillance capabilities to state-sponsored actors, said the booming ecosystem underscores "the extent to which commercial surveillance vendors have proliferated capabilities historically only used by governments."
News URL
https://thehackernews.com/2022/07/microsoft-uncover-austrian-company.html
Related news
- Microsoft fixes two Windows zero-days exploited in malware attacks
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA
- Microsoft fixes Windows zero-day exploited in QakBot malware attacks
- Microsoft confirms memory leak in March Windows Server security update
- Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors
- Recent Windows updates break Microsoft Connected Cache delivery
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
- Telegram fixes Windows app zero-day caused by file extension typo