Mercenary Hacking Group Selling Spyware

Microsoft has identified a spyware called Subzero which has been used to hack law firms, banks and strategic consultancies in countries such as Austria, the UK and Panama. In particular, Microsoft has been investigating an Austrian private-sector firm that it believes is operating illegal offensive security services on behalf of clients in a similar fashion to NSO Group and its Pegasus spyware.

Vienna-based DSR Decision Supporting Information Research Forensic (DSIRF) presents itself as a professional services company with clients across high-value industries, but investigations have revealed it is offering spyware and malware services to clients.

The company has been observed combining zero-day exploits for Windows and Adobe products to deploy its Subzero malware, which enables spying on targeted individuals. Victims include businesses in the UK, Austria, and Panama, and span industries such as banking, law firms, and strategic consultancies, according to Microsoft.

Microsoft has concluded that the company is operating an unauthorised, mercenary offensive security operation similar to that of NSO Group, and has given the threat actor the codename Knotweed.

The group is highly secretive and only reveals the full extent of its capabilities to clients in exclusive meetings. There is no clear evidence that it operates a genuine professional services operation as it claims to, and there are suspicions that the Austrian firm has ties to Russian government agencies.

Microsoft’s investigation has focused on the Subzero malware that DSIRF makes available to clients. The malware Microsoft observed was packaged in a PDF document sent to a victim via email, and Microsoft says that Subzero can be deployed in several different ways, making use of a remote code execution (RCE) vulnerability in Adobe Reader, coupled with a now-patched privilege escalation exploit in Windows (CVE-2022-22047).

Sources: Microsoft, ITPro, Netzpolitik, Silicon Republic, Yahoo, Cybersecurity.News
