
Security researchers at Microsoft have said that an Austrian firm named DSIRF was behind a string of digital intrusions at banks, law firms and strategic consultancies in countries including Austria, the United Kingdom and Panama.
The firm developed spyware called “Subzero”, which is delivered through so-called zero-day exploits and used to steal confidential information such as passwords and logon credentials. Zero-day exploits abuse serious software flaws that the vendor does not yet know about, so no patch exists for them; they therefore work even against fully updated software, which makes them of great value to both criminal hackers and spies.
Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, is tracked by Microsoft under the codename KNOTWEED. Microsoft said, “It's important to note that the identification of targets in a country doesn't necessarily mean that a DSIRF customer resides in the same country, as international targeting is common.”
The Microsoft Threat Intelligence Center (MSTIC) has found multiple links between DSIRF and the exploits and malware used in these attacks, including command-and-control infrastructure used by the malware that links directly to DSIRF, a DSIRF-associated GitHub account used in one attack, a code-signing certificate issued to DSIRF used to sign an exploit, and open-source news reports attributing Subzero to DSIRF.
Microsoft said that KNOTWEED sells the Subzero malware to third parties but has also been observed using KNOTWEED-associated infrastructure in some attacks, suggesting more direct involvement.