Mercenary Hacking Group Selling Spyware

Microsoft has identified spyware called Subzero, which has been used to hack law firms, banks and strategic consultancies in countries including Austria, the UK and Panama. In particular, Microsoft has been investigating an Austrian private-sector firm that it believes is operating illegal offensive security services on behalf of clients, in a similar fashion to NSO Group and its Pegasus spyware.

Vienna-based DSR Decision Supporting Information Research Forensic (DSIRF) presents itself as a professional services company with clients across high-value industries, but investigations have revealed that it is offering spyware and malware services to clients.

The company has been observed combining Windows zero-day exploits with exploits for Adobe products to deploy its Subzero malware, which enables spying on targeted individuals. Victims include businesses in the UK, Austria and Panama, spanning industries such as banking, law firms and strategic consultancies, according to Microsoft.

Microsoft has concluded that the company is operating an unauthorised, mercenary offensive security operation similar to that of NSO Group, and has given the threat actor the codename Knotweed.

The group is highly secretive and only reveals the full extent of its capabilities to clients in exclusive meetings. There is no clear evidence that it operates a genuine professional services business as it claims to, and there are suspicions that the Austrian firm has ties to Russian government agencies.

Microsoft’s investigation has focused on the Subzero malware that DSIRF makes available to clients. The malware Microsoft observed was packaged in a PDF document sent to a victim via email, and Microsoft says that Subzero can be deployed in several different ways, making use of a remote code execution (RCE) vulnerability in Adobe Reader coupled with a now-patched privilege escalation exploit in Windows (CVE-2022-22047).

Sources: Microsoft, ITPro, Netzpolitik, Silicon Republic, Yahoo, Cybersecurity.News
