Date: 2022-07-28



Microsoft’s security and threat intelligence team reportedly caught an Austrian company selling spyware based on a previously unknown Windows exploit.

The new details were released Wednesday in a technical blog post from the Microsoft Threat Intelligence Center (MSTIC). The post was published to coincide with written testimony the software company gave to the House Intelligence Committee’s hearing on commercial spyware and cyber surveillance.

The spyware developer, officially named DSIRF and tracked by Microsoft under the code name KNOTWEED, made spyware known as Subzero that was used to target law firms, banks, and consultancies in the UK, Austria, and Panama. According to MSTIC's analysis, the exploits that DSIRF used to compromise systems included a zero-day privilege escalation exploit for Windows and an Adobe Reader remote code execution attack. According to Microsoft, the exploits used by DSIRF have been patched with security updates.

DSIRF claims to help multinationals perform risk analysis and gather business intelligence, but Microsoft (along with other local news reports) links the company to the sale of spyware used for unauthorized surveillance. According to Microsoft's blog post:

MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks. These include the command-and-control infrastructure used by the malware that links directly to DSIRF, the DSIRF-related GitHub account used in a single attack, the code signing certificate issued to DSIRF that was used to sign exploits, and other open-source news reports attributing Subzero to DSIRF.

The new information about Microsoft’s tracking and mitigation of the DSIRF/KNOTWEED exploits was released at the same time as the testimony document submitted to the July 27 hearing on combating threats to US national security.

Microsoft’s written testimony describes a loosely regulated commercial spyware industry in which private parties are free to contract with oppressive governments around the world.

According to the testimony, more than a decade ago Microsoft started to see private sector companies move into this sophisticated surveillance space as dictatorships and smaller governments sought the capabilities of their larger, better-resourced counterparts.

In some cases, businesses were building capabilities for government use in line with the rule of law and democratic values. But in other cases, companies have begun to build and sell surveillance as a service … to authoritarian governments or governments acting inconsistently with the rule of law and human rights norms.

To combat threats to free expression and human rights, Microsoft is advocating that the United States help advance the debate on spyware as a cyberweapon.

At the same hearing, the Intelligence Committee also heard testimony from Carine Kanimba, the daughter of imprisoned Rwandan activist Paul Rusesabagina, who allegedly saved 1,200 Rwandans in the 1994 genocide. Researchers believed that Kanimba's phone was infected with NSO Group’s Pegasus spyware while she was campaigning for her father's release.

According to Kanimba, none of us are safe unless there are consequences for the countries that abuse the technology and for their enablers.

NSO Group was also brought up by John Scott-Railton, Principal Researcher at Citizen Lab, another expert witness who testified to the committee. Scott-Railton described a changing global landscape in which, with the involvement of mercenary spyware companies, access to the most sophisticated and intrusive digital surveillance technologies, once available only to a handful of nation-states, has become far more widespread.

The high capabilities of these tools mean that even U.S. officials are increasingly likely to be targeted, as happened to nine State Department officials working in Uganda whose iPhones were hacked with NSO's Pegasus.

According to Scott-Railton, it’s clear that the US government isn’t immune to the threat of mercenary spyware.

