Microsoft

Microsoft Identifies Windows, Adobe Zero-Day Cyber Mercenary

Microsoft said an Austrian cyber mercenary outfit distributed malware using zero-day Windows and Adobe weaknesses.

Research published on Wednesday connected a series of malware attacks to an Austrian outfit called DSIRF. Microsoft alleges DSIRF is a hacker-for-hire firm that sells its “Subzero” malware.

Microsoft has seen Subzero spread through Windows and Adobe Reader vulnerabilities for the past two years. Law firms, banks, and strategic consultancies in Austria, the UK, and Panama have been among the victims, the company said.

Microsoft noticed an attack in May in which a malicious PDF was emailed to the target to infect their PC. The PDF exploited Adobe Reader to execute code remotely on the victim’s PC. From there, the attack could run malware with system-level privileges by exploiting a previously undiscovered Windows hole, CVE-2022-22047, which Microsoft patched this month.

Chaining the two vulnerabilities allegedly allowed DSIRF to install Subzero on the victim’s machine. Microsoft says the malware can monitor keyboard strokes, collect screenshots, steal files, and run additional programmes on a compromised laptop.

The company links the attacks to DSIRF based on the command-and-control servers and domains the Subzero malware communicates with. Microsoft’s threat intelligence business RiskIQ identified “a host of additional IP addresses” under the hackers’ control.

This process yielded several domains with direct links to DSIRF, including demo3[.]dsirf[.]eu (the company’s website) and several subdomains that appear to have been used for malware development, including debugmex[.]dsirflabs[.]eu (likely a server used for debugging malware with Mex) and szstaging[.]dsirflabs[.]eu.
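As an added example (not code from Microsoft’s report or from this article), the three defanged domains above can be turned into a small DNS-log watchlist that flags queries for those hosts or any of their subdomains; the log lines below are constructed, not real telemetry.

```python
from typing import Optional

# Defanged indicators as quoted in the article. "[.]" is a publishing
# convention that stops the domains being clickable; refang() undoes it.
DEFANGED_DOMAINS = [
    "demo3[.]dsirf[.]eu",
    "debugmex[.]dsirflabs[.]eu",
    "szstaging[.]dsirflabs[.]eu",
]

def refang(indicator: str) -> str:
    """Turn a defanged indicator back into a real, lower-cased hostname."""
    return indicator.replace("[.]", ".").replace("(.)", ".").lower().strip(".")

def build_watchlist(defanged):
    """Refang each indicator and return the set of hostnames to watch."""
    return {refang(d) for d in defanged}

def host_matches(host: str, watchlist) -> Optional[str]:
    """Return the matched indicator if host is it or a subdomain of it.

    Suffix matching is done on a label boundary ("." + indicator), so
    'notdsirf.eu' does not match 'dsirf.eu'-style entries by accident.
    """
    host = host.lower().rstrip(".")  # tolerate trailing-dot FQDNs and mixed case
    for bad in watchlist:
        if host == bad or host.endswith("." + bad):
            return bad
    return None

# Constructed sample DNS log: "<timestamp> <client-ip> <queried-name>".
SAMPLE_DNS_LOG = """\
2022-07-27T10:01:02Z 10.0.0.12 update.microsoft.com
2022-07-27T10:01:05Z 10.0.0.12 szstaging.dsirflabs.eu
2022-07-27T10:02:11Z 10.0.0.33 cdn.Debugmex.DSIRFlabs.eu.
2022-07-27T10:03:40Z 10.0.0.33 notdsirf.eu
2022-07-27T10:04:01Z 10.0.0.47 demo3.dsirf.eu
"""

def scan_dns_log(log_text: str, watchlist):
    """Return (timestamp, client, queried_name, matched_indicator) per hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        ts, client, qname = parts
        matched = host_matches(qname, watchlist)
        if matched:
            hits.append((ts, client, qname, matched))
    return hits

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG, build_watchlist(DEFANGED_DOMAINS)):
        print("DNS hit:", hit)
```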

DSIRF declined to comment. Microsoft urges users to address the Windows bug CVE-2022-22047; installing the latest Windows updates does so. Microsoft Defender Antivirus can now identify the Subzero malware. Microsoft was not able to pinpoint the Adobe Reader vulnerability, which the company assesses with “medium confidence” to be a publicly unknown weakness.
