A new cyber espionage case hits Europe

Law firms, banks and strategy consulting firms in Austria, the United Kingdom and even Panama: all of these organizations have been spied on by a company called DSIRF. Registered in Austria, this company exploited vulnerabilities in Windows and Adobe's PDF reader to collect data from victims' computers. Researchers at the Microsoft Threat Intelligence Center (MSTIC) detected these intrusions and identified their author.

The malicious tools, the certificates used and a GitHub account led the members of the MSTIC to this company, which operates as a cyber mercenary. The attack was dubbed Knotweed by Microsoft. It was in May 2022 that MSTIC discovered remote code execution via Adobe Reader. It was combined with a Windows zero-day flaw now identified as CVE-2022-22047 and since fixed.

Cyber mercenaries

The vulnerability allowed elevation of privilege in order to take control of the computer. The payload was malware developed by DSIRF, dubbed SubZero. It grants full control over the compromised system. It was delivered in a PDF document or an Excel file with macros, sent to the victim via email.

A private company specializing in cyber espionage carrying out this kind of operation is nothing new. This was the case last year with the Israeli company NSO and its mobile spyware Pegasus, which targeted journalists, lawyers, politicians and activists. The clients of these companies are very often states.
