Microsoft catches spyware group targeting customers using Windows bugs


New Delhi, Jul 28 (IANS): Microsoft has caught an Austrian company selling spyware based on multiple Windows and Adobe zero-day exploits to attack its customers.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found that the spyware developer -- officially named DSIRF and codenamed KNOTWEED -- developed a spyware called 'Subzero' that was used to target law firms, banks, and consultancy firms in the UK, Austria and Panama.

"It's important to note that the identification of targets in a country doesn't necessarily mean that a DSIRF customer resides in the same country, as international targeting is common," the company said in a blogpost late on Wednesday.

MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks.

These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF.

Such cyber mercenaries sell hacking tools or services through a variety of business models.

Two common models for this type of actor are access-as-a-service and hack-for-hire.

In access-as-a-service, the actor sells full end-to-end hacking tools that can be used by the purchaser in operations, with the private-sector offensive actor (PSOA) not involved in any targeting or running of the operation.

In hack-for-hire, detailed information is provided by the purchaser to the actor, who then runs the targeted operations.

Microsoft said that KNOTWEED may blend these models: they sell the Subzero malware to third parties but have also been observed using KNOTWEED-associated infrastructure in some attacks, suggesting more direct involvement.

"Customers are encouraged to expedite deployment of the July 2022 Microsoft security updates to protect their systems against exploits," the company advised.

 

  

Top Stories


Leave a Comment

Title: Microsoft catches spyware group targeting customers using Windows bugs



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.