Microsoft finds hackers using unknown Windows security flaws

Austrian firm found selling Windows spyware to governments. Microsoft has revealed a potentially damaging new spyware campaign targeting victims around the world.

In a blog post, Microsoft asserts that an Austrian company presenting itself as a risk analysis and business intelligence service provider is in fact the spyware developer behind the Subzero malware, which has targeted endpoints at law firms, banks, and consulting firms in the UK, Austria, and Panama.

The business, known as DSIRF, was reportedly observed using remote code execution capabilities on behalf of its clients while also abusing zero-day vulnerabilities in both Windows and Adobe Reader. Microsoft had been tracking the activity under the codename KNOTWEED before attributing it to DSIRF.

Commercial spyware

Before identifying the threat actor, Microsoft was tracking it under the codename KNOTWEED, and says it has now patched the vulnerabilities abused by DSIRF.

MSTIC (the Microsoft Threat Intelligence Center) has discovered multiple connections between DSIRF and the exploits and malware employed in these attacks.

These include DSIRF-related GitHub accounts being used in attacks, a code signing certificate issued to DSIRF being used to sign an exploit, other open-source news reports attributing Subzero to DSIRF, and command-and-control infrastructure used by the malware directly linking to DSIRF, according to Microsoft’s blog.

The Verge noted that Microsoft’s study on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware” was released concurrently with the company’s testimony before the House Intelligence Committee. In its written testimony, Microsoft says that over the last ten years a growing number of commercial entities have been creating and selling spyware to repressive governments around the world.

According to the testimony, “about a decade ago, we began to see private sector corporations move into this very sophisticated monitoring field as autocratic countries and smaller governments desired the capabilities of their larger and better resourced counterparts.”

“In certain instances, businesses created tools that governments might employ to uphold the rule of law and democratic principles. However, in other instances, businesses started creating and offering surveillance as a service to authoritarian regimes or those that violate human rights standards.”
