Microsoft finds hackers using unknown Windows security flaws

Austrian firm found selling Windows spyware to governments


Microsoft has revealed a potentially damaging new spyware campaign targeting victims around the world.

In a blog post, Microsoft claims that an Austrian company posing as a risk analysis and business intelligence service provider is in fact a spyware developer responsible for Subzero, malware used against endpoints belonging to law firms, banks, and consultancy firms in the UK, Austria, and Panama.

The company, known as DSIRF, was found allegedly abusing zero-day exploits in both Windows and Adobe Reader to provide its customers with remote code execution capabilities, among other things.

Commercial spyware

Before identifying the threat actor, Microsoft was tracking it under the codename KNOTWEED, and says it has now patched the vulnerabilities abused by DSIRF.

“MSTIC [Microsoft Threat Intelligence Center] has found multiple links between DSIRF and the exploits and malware used in these attacks. These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF,” Microsoft said in the blog.

As spotted by The Verge, Microsoft’s report was published while the company testified in front of the House Intelligence Committee on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware”. In the testimony, submitted in written form, Microsoft argues that over the past decade there has been a boom in commercial entities developing and selling spyware to repressive regimes around the world.

“Over a decade ago, we started to see companies in the private sector move into this sophisticated surveillance space as autocratic nations and smaller governments sought the capabilities of their larger and better resourced counterparts,” it says in the testimony.

“In some cases, companies were building capabilities for governments to use consistent with the rule of law and democratic values. But in other cases, companies began building and selling surveillance as a service … to authoritarian governments or governments acting inconsistently with the rule of law and human rights norms.”

Microsoft has urged the U.S. to classify spyware as a “cyberweapon”.

Via: The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
