Microsoft Reports Austrian Firm Sold Spyware to Target Users

Microsoft reports that an Austrian company is using zero-day exploits and malware to target its users in Europe and Central America.

Microsoft said that Austrian cybersecurity firm DSIRF conducted “limited and targeted attacks” against organizations using Windows and Adobe zero-day vulnerabilities and the “Subzero” malware they developed.

Microsoft classified DSIRF as a private-sector offensive actor (PSOA) under the codename KNOTWEED for activities such as selling hacking tools or services through a variety of business models.

Among the vulnerabilities reportedly exploited by DSIRF was CVE-2022-22047, a bug that affects Windows’ Client Server Runtime Subsystem.

“Customers are encouraged to expedite deployment of the July 2022 Microsoft security updates to protect their systems against exploits using CVE-2022-22047. Microsoft Defender Antivirus and Microsoft Defender for Endpoint have also implemented detections against KNOTWEED’s malware and tools,” warned Microsoft.

German news site Netzpolitik also raised concerns last year regarding the link between DSIRF and Subzero, but no legal action has been taken so far.

DSIRF has not yet commented on Microsoft’s report.

© Fourth Estate® — All Rights Reserved.