Microsoft blocks Austrian firm selling spyware that enables unauthorized surveillance

According to the latest report, Microsoft’s Threat Intelligence Center (MSTIC) said that an Austrian company sold spyware that could monitor law firms, banks, and consulting firms without authorization.

Microsoft said that while the Austrian company DSIRF appears to be legitimate, its research found various links between DSIRF and the spyware SubZero (which Microsoft calls Knotweed), such as command-and-control infrastructure used by the software that is linked to DSIRF, and a GitHub account associated with DSIRF that was used in an attack.

Microsoft said the software had attacked law firms, banks, and strategic consultancies in countries including Austria, the United Kingdom, and Panama. The software, which is distributed via emailed PDF files, exploits zero-days that allow the software to gain control of the computer.

It is worth mentioning that SubZero, as a Trojan, can completely control the attacked system. Once an attack succeeds, the software lurks in the background and can capture screenshots, log keystrokes, and even download plugins from the server.

While the company still sells spyware, Microsoft has flagged the security flaw as CVE-2022-22047, and it has been fixed with a security patch. Microsoft therefore recommends that users keep system security patches and malware detection up to date.

Moreover, DSIRF is a private attack company (a Private-Sector Offensive Actor, or PSOA), a category Microsoft refers to as cyber mercenaries. According to its website, DSIRF serves multinational companies in the technology, retail, energy, and financial sectors and has a suite of highly sophisticated technologies for collecting and analyzing information.

In addition, the website says that the company can conduct investigations and risk analysis through in-depth knowledge of individuals and entities, and that DSIRF has a highly skilled team to challenge your company’s key assets.
