Microsoft finds hackers using unknown Windows security flaws


Microsoft has revealed a potentially damaging new spyware campaign targeting victims around the world.

In a blog post, Microsoft claims that an Austrian company posing as a risk analysis and business intelligence service provider is in fact a spyware developer responsible for Subzero, malware used against endpoints belonging to law firms, banks, and consultancy firms in the UK, Austria, and Panama.

The company, known as DSIRF, was found allegedly abusing zero-day exploits in both Windows and Adobe Reader to provide its customers with remote code execution capabilities, among other things. Before identifying the threat actor, Microsoft was tracking it under the codename KNOTWEED.

Commercial spyware

Microsoft says it has now patched the vulnerabilities abused by DSIRF.

“MSTIC [Microsoft Threat Intelligence Center] has found multiple links between DSIRF and the exploits and malware used in these attacks. These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF,” Microsoft said in the blog. 

As spotted by The Verge, Microsoft’s report was published while the company testified in front of the House Intelligence Committee on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware”. In its written testimony, Microsoft argues that over the past decade there has been a boom in commercial entities developing and selling spyware to repressive regimes around the world.

“Over a decade ago, we started to see companies in the private sector move into this sophisticated surveillance space as autocratic nations and smaller governments sought the capabilities of their larger and better resourced counterparts,” it says in the testimony.

“In some cases, companies were building capabilities for governments to use consistent with the rule of law and democratic values. But in other cases, companies began building and selling surveillance as a service ... to authoritarian governments or governments acting inconsistently with the rule of law and human rights norms.”

Microsoft has urged the U.S. to classify spyware as a “cyberweapon”.


Via: The Verge

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.