Mercenary Hacking Group Selling Spyware

Uploaded on 2022-08-02 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-Russia, FREE TO VIEW

Microsoft has identified a spyware called Subzero which has been used to hack law firms, banks and strategic consultancies in countries such as Austria, the UK and Panama. In particular, Microsoft has been investigating an Austrian private-sector firm that it believes is operating illegal offensive security services on behalf of clients in a similar fashion to NSO Group and its Pegasus spyware.

Vienna-based DSR Decision Supporting Information Research Forensic (DSIRF) presents itself as a professional services company with clients across high-value industries, but investigations have revealed it is offering spyware and malware services to clients.

The company has been observed putting together Windows zero day exploits and Adobe products to deploy its Subzero malware, which enables spying on targeted individuals. Victims include businesses in the UK, Austria, and Panama, and span industries such as banking, law firms, and strategic consultancies, according to Microsoft.

Microsoft has concluded that the company is operating an unauthorised, mercenary offensive security operation similar to that of NSO Group, and has given the threat actor the codename Knotweed.

The group is highly secretive and only reveals the full extent of its capabilities to clients in exclusive meetings. There is no clear evidence that it operates a genuine professional services operation as it claims to and there are suspicions that the Austrian firm has ties to the Russian government agencies

Microsoft’s investigation has focused on the Subzero malware the DSIRF makes available to clients. The malware Microsoft observed was packaged in a PDF doc sent to a victim via email  and Microsoft say that  Subzero can be deployed in several different ways, making use of a remote code execution (RCE) vulnerability in Adobe Reader, coupled with a now-patched privilege escalation exploit in Windows (CVE-2022-22047). 

Microsoft:     ITPro:      Netzpoiltik:    Silicon Republic:       Yahoo:    Cybersecurity.News

You Might Also Read: 

Revealed: Top Secret Israeli Hackers For Hire:

 

« For Sale: 5.4m Twitter Users’ Data
Google Chrome Extension Used To Steal Emails »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

Arthur J Gallagher & Co

Arthur J Gallagher & Co

Arthur J. Gallagher & Co. is a global insurance brokerage and risk management services firm. Services include Cyber Liability insurance.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

African Cyber Security

African Cyber Security

African Cyber Security and it's partners, have the expertise and skills to provide holistic solutions for companies, institutions and government.

DisruptOps

DisruptOps

Built for today’s cloud-scale enterprises, DisruptOps’ Cloud Detection and Response platform automates assessment and remediation procedures of critical cloud security issues.

Nettoken

Nettoken

Nettoken is the first identity management platform designed for everyday internet users, to encourage awareness and control of our ever expanding digital footprint and personal cybersecurity.

ISTC Foundation

ISTC Foundation

ISTC Foundation is one of the leading innovation centers in Armenia, founded by joint initiative of IBM, USAID, Armenian Government and Enterprise Incubator Foundation.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is the European Union’s independent data protection authority. We monitor and ensure the protection of personal data and privacy when EU institutions and bodies process personal information.

Xobee Networks

Xobee Networks

Xobee Networks is a Managed Service Provider of innovative, cost-effective, and cutting-edge technology solutions in California.

MAUSHIELD

MAUSHIELD

MAUSHIELD is the national platform for sharing cyber threat information and intelligence that can help organisations to improve their cybersecurity posture, minimize risks and prevent cyber-attacks.

Vertek

Vertek

Vertek is a leading provider of operations consulting, end-to-end business process outsourcing, business intelligence, software applications and managed cybersecurity solutions.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.