0-days sold by Austrian firm used to hack Windows users, Microsoft says
Published: July 28, 2022

0-days sold by Austrian firm used to hack Windows users, Microsoft says
0-days sold by Austrian firm used to hack Windows users, Microsoft says

Windows and Adobe Reader exploits said to target orgs in Europe and Central America.

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America.

Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for "automated exfiltration of sensitive/private data" and "tailored access operations [including] identification, tracking and infiltration of threats."

Members of the Microsoft Threat Intelligence Center, or MSTIC, said they have found Subzero malware infections spread through a variety of methods, including the exploitation of what at the time were Windows and Adobe Reader zero-days, meaning the attackers knew of the vulnerabilities before Microsoft and Adobe did. Targets of the attacks observed to date include law firms, banks, and strategic consultancies in countries such as Austria, the UK, and Panama, although those aren’t necessarily the countries in which the DSIRF customers who paid for the attack resided.

"MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks," Microsoft researchers wrote. "These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open source news reports attributing Subzero to DSIRF."

Wednesday’s post is the latest to take aim at the scourge of mercenary spyware sold by private companies. Israel-based NSO Group is the best-known example of a for-profit company selling pricey exploits that often compromise the devices belonging to journalists, attorneys, and activists. Another Israel-based mercenary named Candiru was profiled by Microsoft and University of Toronto’s Citizen Lab last year and was recently caught orchestrating phishing campaigns on behalf of customers that could bypass two-factor authentication.
Also on Wednesday, the US House of Representatives Permanent Select Committee on Intelligence held a hearing on the proliferation of foreign commercial spyware. One of the speakers was the daughter of a former hotel manager in Rwanda who was imprisoned after saving hundreds of lives and speaking out about the genocide that had taken place. She recounted the experience of having her phone hacked with NSO spyware the same day she met with the Belgian foreign affairs minister.

Wednesday’s post also provides detailed indicators of compromise that readers can use to determine if they have been targeted by DSIRF.

Microsoft used the term PSOA, short for private-sector offensive actor, to describe cyber mercenaries like DSIRF. The company said most PSOAs operate under one or both of two models. The first, access-as-a-service, sells full end-to-end hacking tools to customers for use in their own operations. In the other model, hack-for-hire, the PSOA carries out the targeted operations itself.

"Based on observed attacks and news reports, MSTIC believes that KNOTWEED may blend these models: they sell the Subzero malware to third parties but have also been observed using KNOTWEED-associated infrastructure in some attacks, suggesting more direct involvement," Microsoft researchers wrote.

Source: Re-posted and Summarized from DAN GOODIN at arstechnica.

My Take: These hackers cause a lot of grief. Somebody should do something about them.


Customer Reviews:

We all have been VERY pleased with Adrian's vigila
We all have been VERY pleased with Adrian's vigilance in monitoring the website and his quick and successful repairs. Evan was also very helpful in solving all of my hacking problems. So in all aspects of the Computer Geeks we are very glad we are working with you.
Kenneth Bruscia PhD
Published:
Kenneth Bruscia PhD
[email protected]
FIVE STARS + It's true, this is the place to go fo
FIVE STARS + It's true, this is the place to go for your web site needs. In my case, Justin fixed my problem immediately. It's such a comfort to know that I can reply on these people for any and all my web needs. You will not find a better team anywhere.
Paul Adler
Published:
Paul Adler
[email protected]
We reached out to Rich and his team at Computer Ge
We reached out to Rich and his team at Computer Geek in July 2021. We were in desperate need of help because our former website design agency left us hanging with major website issues that needed immediate attention. Rich and his team were extremely helpful and quick to come to our rescue! They have helped us with numerous projects that have helped our SEO. Our sales have increased 30% since coming to Computer Geek. We've been working with them for about nine months now and are very pleased with their response time and helpful manner. Rich has proven himself to be trustworthy and dependable. We feel valued as a customer and look forward to continuing a relationship with Computer Geek.
Leigh Hutchens
Published:
Leigh Hutchens
[email protected]
Just to say thank you for all the hard work. I can
Just to say thank you for all the hard work. I can't express enough how great it's been to send projects and they get done. Beyond that, your ability to work with three different folks in a personable way really has been a game changer for us. The improvements to our business because of your hard work have been significant.
Curtis Williams
Published:
Curtis Williams
[email protected]
I would certainly like to recommend that anyone pu
I would certainly like to recommend that anyone pursing maintenance for a website to contact The Computer Geek. I have been using another company to do some maintenance on my site with moderate success. There were issues that were evidently beyond what could be handled by them. However, the professionals at The Computer Geek had them addressed and rectified in no time at all. The Computer Geek approached all of my requests focusing on my goals and the needed performance. Then, once versed, presented me with a very reasonable price. Once the projects were in motion, I found that the tasks were achieved before I expected, with professional results. Also, in one instance where The Computer Geeks brought an issue to my attention that I would have likely overlooked. This was accompanied by a recommendation on how to solve the issue. Overall The Computer Geeks exceeded my expectations!
David Pappas
Published:
David Pappas
[email protected]
I have a important website dedicated to the local
I have a important website dedicated to the local high school going back nearly 100 years. It was suddenly infected with a virus. Rich at Computer Geek fixed it within an hour. I cannot recommend him enough. I hope it's not for a long time, but the next time I need help, Rich is who I'm gonna call.
Eric Williams
Published:
Eric Williams
[email protected]
WOW! I have been wracking my brain for the past 30
WOW! I have been wracking my brain for the past 30 days trying to figure out who was hosting my company's website the domain owner, etc. Yesterday, when I googled for help and I clicked on the link to computer-geek.net and picked up the phone and called them. Rich answered and from there it was smooth sailing!
Rhonda Harding
Published:
Rhonda Harding
[email protected]
A note to let you know how much I appreciate your
A note to let you know how much I appreciate your team's work. Justin is on top of quickly solving any issues, making changes, reliable. Finding you was one of the luckiest days of my 74 years. I'd be honored if you'd add me to your list of references. And please stay healthy and in business. I got enough headaches from other folks.
Dan Cutrer
Published:
Dan Cutrer
[email protected]
We discovered an issue with our Oscommerce cart pr
We discovered an issue with our Oscommerce cart processing images. It is about 14 years old and heavily modified. Looking on google for some expert help I found Rich and reached out to him. We received a response the same day. The next day his team was working on our issue and was able to solve it within a few hours. Price was reasonable and we are very appreciative to find a competent and professional oscommerce expert to help successfully troubleshoot our issue.
Phillip Sirota
Published:
Phillip Sirota
[email protected]
I'm very new to the whole idea of having a website
I'm very new to the whole idea of having a website / blog. I used Bluehost.com and WordPress.org to create Thepredatorhunter.com and then managed to wreck it. On a Sunday morning I opened chat box with Rich and within a few hours everything was fantastic! This isn't just a company for big biz, if your new and small, The Computer Geek can help you out. In trouble? Stop fretting and start typing in the chat box. You will be glad you did!
Dennis Gilmore
Published:
Dennis Gilmore
[email protected]
[Read More Testimonials Here]

Latest Website Related Articles

Proton's encrypted cloud storage is going mobile

Published: December 9, 2022
Proton's encrypted cloud storage is going mobile. Proton, the privacy-focused company behind a hit VPN service and an e-mail provider, has brought its end-to-end encrypted (E2EE) cloud storage to iOS and Android. The announcement of the lau...[Read More]

 

SpaceX donates a Dragon spacecraft to The Chicago Museum of Science and Industry

Published: December 8, 2022
SpaceX donated a Dragon spacecraft to The Chicago Museum of Science and Industry (MSI). On December 1st, MSI representatives hosted a ceremony to celebrate the vehicle’s delivery to Illinois where it will be permanently displayed at the museum&...[Read More]

 


Here are some links to related topics:
 seo wizard,   webpage troubleshoot,   website problem,   pure host hacked,   startlogic hacked,   wordpress hacked,  


Auto Helpers: Auto Helpers
Site Secured By The Website Guardian