According to the Microsoft Threat Intelligence Center (MSTIC), a company in Austria has been selling spyware that targets zero-day Windows flaws. In a technical blog post on Wednesday, Microsoft says it has also given written testimony to a House Intelligence Committee hearing regarding the use of commercial spyware.
Microsoft tracks the Austrian provider as KNOTWEED, but the company's official name is DSIRF. It seems the developer created spyware known as Subzero that is capable of spying on activity across a system.
Customers who bought the spyware used it to target banks, law firms, and consultancy firms in the UK, Panama, and Austria. Microsoft Threat Intelligence Center says DSIRF was able to develop the spyware by taking advantage of a zero-day exploit in Windows and Adobe Reader.
However, Microsoft points out it has since released a patch for the vulnerability.
On the surface, DSIRF positions itself as a company that helps corporations carry out risk analysis through accumulating business intelligence data. However, Microsoft says the company is nefariously selling spyware:
“MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks. These include command-and-control infrastructure used by the malware directly linking to DSIRF, a DSIRF-associated GitHub account being used in one attack, a code signing certificate issued to DSIRF being used to sign an exploit, and other open-source news reports attributing Subzero to DSIRF.”
Microsoft says it has separately provided a written testimony document to the hearing on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware,” held July 27th. In the testimony, the company discusses the rise of commercial spyware around the world:
“Over a decade ago, we started to see companies in the private sector move into this sophisticated surveillance space as autocratic nations and smaller governments sought the capabilities of their larger and better resourced counterparts,” the testimony reads.
“In some cases, companies were building capabilities for governments to use consistent with the rule of law and democratic values. But in other cases, companies began building and selling surveillance as a service … to authoritarian governments or governments acting inconsistently with the rule of law and human rights norms.”