Microsoft Detects, Patches Zero-Day Exploit Used to Target European, Central American Users

Microsoft has published a report apprising its customers about a vulnerability to improve detection of these attacks.

Advertisement
By Sourabh Kulesh | Updated: 28 July 2022 14:29 IST
Highlights
  • Cybercriminals sold, used Subzero malware to attack customers
  • The attack was seen in Austria, Panama, and the UK
  • Knotweed promotes itself as data-driven intelligence services provider

Subzero malware can be used to hack targets’ phones and internet devices

Photo Credit: Reuters

Microsoft has published an analysis of Knotweed, a private-sector offensive actor (PSOA) that developed and used a malware called Subzero to attack Windows as well as Adobe customers by using multiple zero-day exploits. The company intends to use the analysis to inform customers and industry partners to improve detection of these attacks. The company says that the exploit, which included the one that was patched in the July 2022 security update, was used to target customers in Europe and Central America.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) found the Austria-based PSOA which was carrying out limited and targeted attacks against European and Central American customers by using malware called Subzero. The malware can be used to hack targets' phones, computers, networks as well as internet-connected devices.

Advertisement

As per Microsoft, Knotweed was not only selling the hacking tools to third parties but also running targeted operations. The Windows-maker was able to spot two business models — access-as-a-service and hack-for-hire — associated with the “cyber mercenaries.”

“In access-as-a-service, the PSOA sells full end-to-end hacking tools that can be used by the purchaser in operations, with the PSOA not involved in any targeting or running of the operation,” Microsoft said. In hack-for-hire, the actor runs the targeted operations based on the detailed information provided by the purchaser. Microsoft observed Knotweed-associated infrastructure in some attacks, suggesting a combination of both business tactics deployed by cyber criminals.

Advertisement

Citing a web archive link of DSIRF (the name by which Knotweed is publicly known), Microsoft says MSTIC found the Subzero malware being deployed through a variety of methods, including zero-day exploits in Windows and Adobe Reader, in 2021 and 2022. It says that the victims of the attacks include law firms, banks, and strategic consultancies in countries such as Austria, Panama, and the United Kingdom.

As per the website, DSIRF offers data-driven intelligence services in the form of research and forensics to corporations.

Advertisement

Microsoft says it will continue to monitor Knotweed's activities “and implement protections for our customers.” The company is also encouraging quick deployment of the July 2022 Microsoft security updates to protect their systems against exploits. “Microsoft Defender Antivirus and Microsoft Defender for Endpoint have also implemented detections against Knotweed's malware and tools,” it said.


Why is Oppo making strange choices with its flagship Reno series? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. BSNL Satellite Phone With Inmarsat Connectivity Launched in India
  2. Dell's Pro Precision Workstation Lineup Debuts in India: See Price, Features
  1. Samsung Galaxy Z Flip 8 Could Mark the End of Flip the Company's Foldables, Tipster Claims
  2. WhatsApp Might Be Working on a Birthday Notification Feature for Saved Contacts
  3. Samsung Galaxy Tab S12+ Listed on Safety Korea Certification Database With Live Images: Report
  4. BSNL Satellite Phone With Inmarsat Connectivity Launched in India: Price, Features
  5. Redmi Note 17 Pro Battery, Display Details Teased as Handset Surfaces on Taiwan's NCC Database
  6. Xiaomi 18 Pro Detailed Specifications Leaked, Might Feature Two 200-Megapixel Cameras, Snapdragon 8 Gen 6 Series Chip
  7. Samsung Galaxy Z Fold 8 Ultra Could Borrow Galaxy S26 Ultra Camera Features, Tipster Claims
  8. Xbox Game Pass Has Reportedly Lost 4 Million Subscribers Since 2024
  9. Google Photos Updated With Video Remix Feature Powered By Gemini Omni
  10. Dell Pro Precision 5, Pro Precision 7, Pro Precision 7 T1 Series Launched in India With Up to Intel Core Ultra Series 3 Chips
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.