Austrian Company Exploiting Windows and Adobe Zero-Day Exploits

Austrian Company Exploiting Windows and Adobe Zero-Day Exploits – Gets Caught by Microsoft

Microsoft details that a company described being a private-sector offensive actor, or PSOA, is a company disguised as an Austrian-based company called DSIRF. It is found that it was, in fact, linked to the development and attempted sale of Subzero, a piece of cyberware.

Subzero is known to hack the target’s phones, computers, and other internet-connected devices. Microsoft’s cybersecurity team reports that the victims of these employs include banks, strategic consultancies, and law firms in countries including the United Kingdom, Panama, Austria, etc.

To track this cyberware, Microsoft has assigned it a moniker, KNOTWEED, as it continues the trend of giving names of trees and shrubs to the actors they are tracking. KNOTWEED can act as both an access as a service and hack-for-hire operations. Therefore, it is offering its toolset to third-party actors as well as directly partaking in certain attacks. 

The former entails that the sales of the tools, such as end-to-end hacking, can be used by those who purchase them without the involvement of the offensive attacker. Therefore, the purchaser can act in their own right.

However, the hack-for-hire group is much more involved as they run the targeted operations upon the instruction of their clients. 

Google believes that the deployment of Subzero transpired due to the exploitation of various issues. These include an attack chain that abused an Adobe Reader remote code execution that was previously unknown. Another attack was the zero-day privilege escalation bug, which Microsoft addressed in their patch updates. 

Microsoft details that KNOTWEED was uncovered to be actively serving malware since February 2020. It used infrastructure hosted on Choopa and DigitalOcean. They also identified various other subdomains where malware development and staging Subzero payload took place.  

Read Also

Abdul Wahab is a Software Engineer by profession and a Tech geek by nature. Having been associated with the tech industry for the last five years, he has covered a wide range of Tech topics and produced well-researched and engaging content. You will mostly find him reviewing tech products and writing blog posts. Binge-watching tech reviews and endlessly reading tech blogs are his favorite hobbies.