Austrian Firm DSIRF Under Investigation for Allegedly Developing Spyware

The news comes after Microsoft researchers linked a hacking group called Knotweed to DSIRF.


The Austrian government announced last week it was investigating a firm based within the nation’s territory for allegedly designing spyware targeting law firms, banks, and consultancies across Europe and Central America. 

The news comes after researchers at Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) linked a hacking group called Knotweed to an Austrian surveillance firm named DSIRF, known for multiple Windows and Adobe zero-day exploits. 

"Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," the researchers stated, without identifying the victims. 

The researchers unearthed Subzero malware (CVE-2022-22047) deployed in 2021 and 2022 to hack a broad range of devices, phones, computers, and internet-connected devices. Additionally, multiple pieces of evidence were identified that linked DSIRF to Knotweed’s operation, including the C2 infrastructure used by Subzero, and the code signing certificate issued to DSIRF used to sign an exploit. 

According to the researchers, private sector offensive actors (PSOAs) such as DSIRF make their living either by selling full end-to-end hacking tools to the purchaser, identical to how Israeli spyware firm NSO operates, or by conducting offensive hacking operations themselves.

Austria’s interior ministry said it is not aware of any incidents and has no business relationships with DSIRF.

“Of course, DSN (the National Security and Intelligence Directorate) checks the allegations. So far, there is no proof of the use of spy software from the company mentioned,” reads a statement published by Austria’s interior ministry. 

Kurier, a local Austrian media outlet, confirmed that DSIRF manufactured the Subzero surveillance software, but added that it had not been misused and was developed exclusively for use by authorities in EU states. The newspaper also added that the spyware was not commercially available.

According to a report by the German news site Netzpolitik, DSIRF promotes Subzero as a ‘next generation cyber warfare’ tool. It can access passwords to hijack devices and reveal user locations. Another one of the slides in that presentation showed multiple uses for spyware, including anti-terrorism and targeting human trafficking and child pornography rings.