Microsoft Detects, Patches Zero-Day Exploit Used to Target European, Central American Users
Microsoft has published a report apprising its customers about a vulnerability to improve detection of these attacks.
Advertisement
Highlights
- Cybercriminals sold, used Subzero malware to attack customers
- The attack was seen in Austria, Panama, and the UK
- Knotweed promotes itself as data-driven intelligence services provider
Subzero malware can be used to hack targets’ phones and internet devices
Photo Credit: Reuters
Microsoft has published an analysis of Knotweed, a private-sector offensive actor (PSOA) that developed and used a malware called Subzero to attack Windows as well as Adobe customers by using multiple zero-day exploits. The company intends to use the analysis to inform customers and industry partners to improve detection of these attacks. The company says that the exploit, which included the one that was patched in the July 2022 security update, was used to target customers in Europe and Central America.
The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found the Austria-based PSOA which was carrying out limited and targeted attacks against European and Central American customers by using malware called Subzero. The malware can be used to hack targets' phones, computers, networks as well as internet-connected devices.
As per Microsoft, Knotweed was not only selling the hacking tools to third parties but also running targeted operations. The Windows-maker was able to spot two business models — access-as-a-service and hack-for-hire — associated with the “cyber mercenaries.”
“In access-as-a-service, the PSOA sells full end-to-end hacking tools that can be used by the purchaser in operations, with the PSOA not involved in any targeting or running of the operation,” Microsoft said. In hack-for-hire, the actor runs the targeted operations based on the detailed information provided by the purchaser. Microsoft observed Knotweed-associated infrastructure in some attacks, suggesting a combination of both business tactics deployed by cyber criminals.
Advertisement
Citing a web archive link of DSIRF (the name by which Knotweed is publicly known), Microsoft says MSTIC found the Subzero malware being deployed through a variety of methods, including zero-day exploits in Windows and Adobe Reader, in 2021 and 2022. It says that the victims of the attacks include law firms, banks, and strategic consultancies in countries such as Austria, Panama, and the United Kingdom.
As per the website, DSIRF offers data-driven intelligence services in the form of research and forensics to corporations.
Advertisement
Microsoft says it will continue to monitor Knotweed's activities “and implement protections for our customers.” The company is also encouraging quick deployment of the July 2022 Microsoft security updates to protect their systems against exploits. “Microsoft Defender Antivirus and Microsoft Defender for Endpoint have also implemented detections against Knotweed's malware and tools,” it said.
Why is Oppo making strange choices with its flagship Reno series? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Further reading:
Microsoft, Knotweed, Subzero, Malware, Zero Day Exploit, Cybersecurity, Windows, Adobe
Advertisement