Published in News

Austrian outfit hacked European and Central American companies

by on29 July 2022


Microsoft furious

Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organisations located in Europe and Central America.

DSIRF has been linked to Subzero, a malicious toolset for “automated exfiltration of sensitive/private data” and “tailored access operations [including] identification, tracking and infiltration of threats.” So far DSIRF has made no comment on the allegations.

The Microsoft Threat Intelligence Center found Subzero malware infections spread through a variety of methods, including the exploitation of what at the time were Windows and Adobe Reader zero-days, meaning the attackers knew of the vulnerabilities before Microsoft and Adobe did.

Targets of the attacks are law firms, banks, and strategic consultancies in countries such as Austria, the UK, and Panama, although those aren’t necessarily the countries in which the DSIRF customers who paid for the attack resided.

Vole said that its Microsoft Threat Intelligence Centerhas found multiple links between DSIRF and the exploits and malware used in these attacks.

"These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open source news reports attributing Subzero to DSIRF.”

 

Last modified on 29 July 2022
Rate this item
(0 votes)

Read more about: