Mercenary Hacking Group Selling Spyware

Microsoft has identified a spyware called Subzero which has been used to hack law firms, banks and strategic consultancies in countries such as Austria, the UK and Panama. In particular, Microsoft has been investigating an Austrian private-sector firm that it believes is operating illegal offensive security services on behalf of clients in a similar fashion to NSO Group and its Pegasus spyware.

Vienna-based DSR Decision Supporting Information Research Forensic (DSIRF) presents itself as a professional services company with clients across high-value industries, but investigations have revealed it is offering spyware and malware services to clients.

The company has been observed combining Windows zero-day exploits with exploits for Adobe products to deploy its Subzero malware, which enables spying on targeted individuals. Victims include businesses in the UK, Austria and Panama, spanning industries such as banking, law firms and strategic consultancies, according to Microsoft.

Microsoft has concluded that the company is operating an unauthorised, mercenary offensive security operation similar to that of NSO Group, and has given the threat actor the codename Knotweed.

The group is highly secretive and only reveals the full extent of its capabilities to clients in exclusive meetings. There is no clear evidence that it operates a genuine professional services business as it claims, and there are suspicions that the Austrian firm has ties to Russian government agencies.

Microsoft’s investigation has focused on the Subzero malware that DSIRF makes available to clients. The malware Microsoft observed was packaged in a PDF document sent to a victim via email, and Microsoft says that Subzero can be deployed in several different ways, making use of a remote code execution (RCE) vulnerability in Adobe Reader coupled with a now-patched privilege escalation exploit in Windows (CVE-2022-22047).

Sources: Microsoft, ITPro, Netzpolitik, Silicon Republic, Yahoo, Cybersecurity.News
