Microsoft catches a european malware – Subzero | #microsoft | #hacking | #cybersecurity


Microsoft’s Threat Intelligence Center (MSTIC) and Security Response Center (MSRC) have spotted a private-sector offensive actor (PSOA) using multiple 0-day exploits in Windows and Adobe software to target European and Central American users.
Creating malware around 0-day exploits is quickly becoming a highly profitable business; the same trend produced the Pegasus and Predator spyware, which their makers sold to governments around the world. Microsoft also refers to these PSOAs as cyber mercenaries, selling ‘hack-for-hire’ services.
Microsoft’s teams are tracking the private-sector threat actor as ‘KNOTWEED’. It is an Austria-based company going by the name ‘DSIRF’, with offices in Vienna and Liechtenstein. The company website (archived) states, “DSIRF provides mission-tailored services in the fields of information research, forensics as well as data-driven intelligence to multinational corporations in the technology, retail, energy and financial sectors.”

DSIRF has been linked to the development and attempted sale of the ‘Subzero’ malware. Microsoft has found Subzero being deployed through 0-day exploits in Windows and Adobe software in 2021 and 2022. Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama.

Microsoft has seen DSIRF use remote code execution and 0-day privilege escalation exploits in Windows and Adobe software to deploy Subzero. The exploits were packaged into a malicious PDF file that was sent to the victim via email. Earlier, DSIRF used Windows privilege escalation exploits in conjunction with Adobe exploits to deploy Subzero.

While Microsoft has patched the exploited vulnerabilities, it recommends:

  • All users should prioritize applying the patch for CVE-2022-22047.
  • Update Microsoft Defender Antivirus to security intelligence update 1.371.503.0 or later to detect the related indicators.
  • Change Excel macro security settings.
  • Enable multifactor authentication (MFA).
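As an added illustration (not from the article, Microsoft, or DSIRF), the following PowerShell check reports on the second and third items above on a single Windows host. It assumes the Defender PowerShell module (`Get-MpComputerStatus`) and Office 16.x; the Excel registry key, the `VBAWarnings` value meanings and the threshold of 3 are assumptions, not something the article states.

```powershell
# Added check, not the article's or Microsoft's code. Assumes Windows 10/11
# with Microsoft Defender and Office 16.x (Office 2016 / Microsoft 365).
function Test-KnotweedMitigations {
    [CmdletBinding()]
    param(
        # Minimum security intelligence version named in the article.
        [version]$MinSignatureVersion = '1.371.503.0'
    )

    # Defender signature version currently loaded on this host.
    $status     = Get-MpComputerStatus
    $sigVersion = [version]$status.AntivirusSignatureVersion
    $sigCurrent = $sigVersion -ge $MinSignatureVersion

    # Excel macro policy (assumed key for Office 16.x). VBAWarnings:
    #   1 = enable all, 2 = disable with notification (default),
    #   3 = disable except digitally signed, 4 = disable all.
    # A Group Policy value under HKCU:\Software\Policies\... would take precedence.
    $excelKey    = 'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
    $vbaWarnings = (Get-ItemProperty -Path $excelKey -Name VBAWarnings `
                        -ErrorAction SilentlyContinue).VBAWarnings
    $macrosRestricted = ($null -ne $vbaWarnings) -and ($vbaWarnings -ge 3)

    [pscustomobject]@{
        DefenderSignatureVersion = $sigVersion
        DefenderSignatureCurrent = $sigCurrent
        ExcelVBAWarnings         = $vbaWarnings
        ExcelMacrosRestricted    = $macrosRestricted
    }
}

Test-KnotweedMitigations | Format-List
```

A `$false` in either boolean field means that item on the list above is still outstanding on the host; MFA and the CVE-2022-22047 patch state are not covered by this check.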


