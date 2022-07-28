



Microsoft has linked the abuse of several Windows and Adobe zero-days, used to target organizations in Europe and Central America, to a lesser-known Austrian spyware maker.

The technology giant’s Threat Intelligence and Security Response Unit has associated a number of cyberattacks with a threat actor it calls “Knotweed”: the Vienna-based information-gathering company Decision Supporting Information Research Forensic, or DSIRF. DSIRF, which states on its website that it was founded in 2016, claims to have “provided data-driven intelligence to multinational companies in the technology, retail, energy and financial sectors” and to have more than 20 years of experience in red team testing, in which hackers are given permission to find and exploit security vulnerabilities while testing their clients’ products.

Microsoft reported Wednesday that Knotweed has been active since at least 2020 and has developed spyware called Subzero that allows its customers to remotely and silently break into victims’ computers, phones, network infrastructure and internet-connected devices. Subzero is functionally similar to NSO Group’s Pegasus and Candiru’s DevilsTongue spyware, which are often used by governments to monitor journalists, activists and human rights advocates.

According to a copy of an internal presentation published by Netzpolitik in 2021, DSIRF advertises Subzero as a next-generation cyberwarfare tool that can take full control of a target’s PC, steal passwords and reveal its real-time location. The report claims that DSIRF, which is reportedly associated with the Russian government, promoted the tool for use in the 2016 US presidential election. The report also states that Germany is considering purchasing Subzero for use by its police and intelligence agencies.

In addition to selling the Subzero malware, Microsoft noted that DSIRF (also known as Knotweed) was observed using its own infrastructure in some attacks, which suggests more direct involvement in targeting victims. Known victims include law offices, banks and strategic consultancies in Austria, Panama and the United Kingdom.

However, the tech giant said it had confirmed with the victims targeted by Subzero that they had “not outsourced a red team or penetration test,” and that the activity was unauthorized and malicious.

According to the report, Subzero is distributed through several vectors, including multiple zero-day exploits in Windows and Adobe products. These include the recently patched CVE-2022-22047, a bug in the Windows Client-Server Runtime Subsystem (CSRSS) that can be used to gain a higher level of access on the victim’s device than the logged-in user has. Microsoft said it has patched at least four zero-days used by DSIRF since 2021.

Knotweed also embedded a malicious macro in an Excel document that delivered the second-stage malware, hidden inside an “abnormally large” JPEG image disguised as an innocuous meme. Macros are a common way for attackers to gain access and deploy malware and ransomware, but Microsoft recently began blocking them by default in Office apps.

When contacted by phone, a DSIRF representative said he would provide TechCrunch with a response to Microsoft’s report, but no response was provided by press time.

To prevent these attacks, Microsoft recommends that organizations patch CVE-2022-22047, keep their antivirus software up to date and enable multi-factor authentication.

The tech giant is also calling for more action against spyware makers, warning that DSIRF will not be the last cyber mercenary to be revealed.

“We are watching more and more [private-sector offensive actors],” said Cristin Goodwin, General Manager of Microsoft’s Digital Security Unit. “We welcome Congress’s focus on the risks and abuses that we all face collectively from the abuse of surveillance techniques, and encourage restrictive regulation of their use both here in the United States and elsewhere in the world.”

