A cyber mercenary company in Austria has likely been using zero-day exploits in Windows and Adobe software to spread malware to victims, according to Microsoft.
Microsoft made the allegation in a report on Wednesday that linked the malware attacks to a mysterious intel-gathering firm in Austria called DSIRF. Redmond claims DSIRF is actually a professional hacking company that sells access to its “Subzero” malware tool to clients.
Over the past two years, Microsoft has detected the Subzero malware circulating to computers with the help of previously unknown vulnerabilities in both Windows and Adobe Reader. “Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” the company added.
Back in May, Microsoft detected one such attack that involved sending a malicious PDF through email in order to infect the user’s computer. The PDF was designed to exploit a vulnerability in Adobe Reader to remotely execute computer code on the victim’s machine. The attack could then elevate privileges to run system-level code by leveraging a previously unknown flaw in Windows, dubbed CVE-2022-22047, which Microsoft only patched earlier this month.
Chaining the two vulnerabilities together allegedly enabled DSIRF to download and install the Subzero malware onto the victim’s computer. According to Microsoft, the malware’s main component allows it to log keyboard strokes, capture screenshots, steal files and run additional programs over the hijacked machine.
In addition to using PDFs, Microsoft has also detected DSIRF relying on Excel documents containing malicious macros to secretly spread Subzero.
The company
Read more on pcmag.com