Microsoft has exposed a European cybersecurity company. The company is said to have been selling spyware that was used to spy on various institutions in several countries.
DSIRF is an Austrian company offering cyber security solutions. It also sells services in the fields of human intelligence (HUMINT) and open-source intelligence (OSINT). According to Microsoft’s security experts, instead of cyber security, it was primarily concerned with selling spyware that used previously unknown vulnerabilities in Windows. Experts from the Microsoft Threat Intelligence Center tracked its activity and gave it the name KNOTWEED. The group is said to have developed malware called Subzero, which was used to spy on law firms, banks and consultancies in the UK, Austria and Panama. Subzero exploited vulnerabilities in Windows and Adobe Reader, which have already been patched by Microsoft and Adobe.
Microsoft found plenty of evidence linking Subzero to the Austrian company. This includes command-and-control infrastructure linked to DSIRF, as well as a GitHub account used in one of the attacks that is tied to the Austrians. The experts also found code signing certificates issued to DSIRF and other information linking the software to its actual developers. Although it is not known whether Microsoft informed the relevant services about the incident, the information about Subzero and DSIRF matches the documents that representatives of the technology giant made available to the US intelligence committee.
Nor is it the first time Microsoft has exposed companies behind the sale of spyware that exploits Windows vulnerabilities. Last year, the Israeli company Candiru was accused of selling “espionage tools” used to eavesdrop on and monitor more than 100,000 people from different countries.
Details related to DSIRF’s activities, including the vulnerabilities it exploits in Windows, can be found in extensive material prepared by a team of Microsoft security analysts and engineers working within the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC). And if you’re interested in watching yesterday’s committee meeting, you can find the transcript below:
It’s time to fight against tracking and the widespread use of spyware
Microsoft calls for decisive action in a written report sent to the House Intelligence Committee. The company specifically states that practices that exploit software and security vulnerabilities should be referred to as cyberweapons. Freedom of speech and human rights are at stake. Company officials are calling on the United States to seize this opportunity to start a debate about spyware — on an international level. The result should be the creation of global standards and regulations that treat these types of threats in the same way as other weapons.
People who have recently been affected by attacks using Pegasus, spyware that is popular all over the world, including in Poland, also testified before the committee. One of them was Carine Kanimba. The daughter of jailed activist Paul Rusesabagina, who has called for his release, was said to be the victim of surveillance by foreign services, which use spyware to find “hooks” on inconvenient people.
John Scott-Railton of Citizen Lab, a company that publishes Pegasus wiretapping cases, also testified. He stated that the reality that surrounds us is changing. Increasingly easy access to “more sophisticated and invasive surveillance techniques”, until recently used by a small group of countries, means that they are now being used excessively to fight, among others, the opposition. The culprits, in his opinion, are the so-called “mercenary espionage companies”, which provide tools to which even the US government is not immune.