July 28 - Microsoft's Threat Intelligence Center (MSTIC) says an Austrian company sold spyware that was able to monitor computers at law firms, banks and consulting firms without authorization, according to The Register.
Microsoft said that while DSIRF, an Austrian company, appears to be a legitimate business, its research has found various links between the company and the spyware SubZero, which Microsoft calls Knotweed. For example, the command-and-control infrastructure used by the software was connected to DSIRF, and a GitHub account associated with DSIRF was attacked.
The software has targeted law firms, banks and strategy consulting firms in countries including Austria, Britain and Panama, Microsoft said. The software, which is distributed through e-mailed PDF files, was able to gain control of a computer using a zero-day bug.
It is worth mentioning that SubZero, as a Trojan virus, can completely control the attacked system. When the attack is successful, the software lurks in the background and can capture screenshots, log keystrokes and even download plug-ins from the server.
While the company still sells spyware, Microsoft has labeled the vulnerability CVE-2022-22047 and fixed it with a security patch. Microsoft therefore advises users to keep system security patches and malware detection up to date.
IT House has learned that DSIRF is a private-sector offensive actor (PSOA), one of a group of companies that Microsoft calls cyber mercenaries. DSIRF serves multinational companies in the technology, retail, energy and financial sectors and has a highly sophisticated set of technologies to collect and analyze information, according to the company's website.
In addition, the website says that the company can conduct investigations and risk analysis through in-depth knowledge of individuals and entities. It also states that DSIRF has a highly skilled team to challenge your company's key assets.