Microsoft has unearthed an Austrian “cyber mercenary” group employing Windows and Adobe exploits to target organizations with spyware since at least 2021.
Security analysts at Microsoft’s Threat Intelligence Center and Security Response Center said the organization is a private-sector offensive actor (PSOA) called Decision Supporting Information Research Forensic (DSIRF), but dubbed by Microsoft with the codename Knotweed.
A cyber-weapons broker has launched multiple attacks on law firms, banks, and strategic consultancies in countries across the globe via spyware — dubbed Subzero — that allows its users to remotely and silently infiltrate a victim’s computer, phone, network infrastructure, and internet-linked devices.
"DSIRF has been linked to the development and attempted sale of a malware toolset called Subzero, which enables customers to hack into their targets' computers, phones, network infrastructure, and internet-connected devices," Microsoft said in a blog post.
DSIRF promotes Subzero as a “next generation cyber warfare” tool that can secure full control of a victim’s PC, steal passwords and disclose its real-time location, according to a copy of an internal presentation released by Netzpolitik, a German news website, in 2021.
The report claims that DSIRF, which reportedly has links to the Russian state, promoted its tool for use during the 2016 U.S. presidential election. The German government was also considering the purchase and use of Subzero to enhance its cyber defense.
Microsoft said it has issued a software update to mitigate the use of the identified vulnerabilities. The tech giant has also released signatures of the malware to shield Windows users from exploits Knotweed was employing to help deliver its malware.
More action is needed on a broader level, given that DSIRF will not be the last PSOA to target organizations, as Microsoft researchers explained in a brief sent to Congress on Wednesday.
"We are increasingly seeing PSOAs selling their tools to authoritarian governments that act inconsistently with the rule of law and human rights norms," researchers explained. "We welcome Congress's focus on the risks and abuses we all collectively face from the unscrupulous use of surveillance technologies and encourage regulation to limit their use both here in the United States and elsewhere around the world."
