Microsoft has caught an Austrian company selling spyware, built on multiple Windows and Adobe zero-day exploits, that was used to attack Microsoft's customers.


The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found that the spyware developer — officially named DSIRF and codenamed KNOTWEED — developed spyware called ‘Subzero’ that was used to target law firms, banks, and consultancy firms in the UK, Austria and Panama.


“It’s important to note that the identification of targets in a country doesn’t necessarily mean that a DSIRF customer resides in the same country, as international targeting is common,” the company said in a blog post late on Wednesday.


MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks.


These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF.


Such cyber mercenaries sell hacking tools or services through a variety of business models.


Two common models for this type of actor are access-as-a-service and hack-for-hire.


In access-as-a-service, the actor sells full end-to-end hacking tools that can be used by the purchaser in operations, with the private-sector offensive actor (PSOA) not involved in any targeting or running of the operation.


In hack-for-hire, detailed information is provided by the purchaser to the actor, who then runs the targeted operations.


Microsoft said that KNOTWEED may blend these models: they sell the Subzero malware to third parties but have also been observed using KNOTWEED-associated infrastructure in some attacks, suggesting more direct involvement.


“Customers are encouraged to expedite deployment of the July 2022 Microsoft security updates to protect their systems against exploits,” the company advised.


–IANS



(Only the headline and picture of this report may have been reworked by the Business Standard staff; the rest of the content is auto-generated from a syndicated feed.)





