"Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware"
Knotweed, a cyber-weapons broker, has been identified by Microsoft as the source of numerous spyware attacks against law firms, banks, and strategic consultancies around the world. Furthermore, according to Microsoft, Knotweed has been incorporating a slew of Windows and Adobe zero-day exploits into its spyware since at least 2021. Knotweed is classified as a Private Sector Offensive Actor (PSOA), also known as a commercial spyware vendor, that sells its wares to governments and business interests. These sophisticated and expensive tools are often used against dissidents, journalists, and other members of civil society, but they have also been used to enable corporate espionage. The infamous NSO Group and Pegasus mobile spyware are the most well-known examples, but Microsoft warned that there are many others out there. Knotweed, for example, is an alias for the Austrian organization called DSIRF, which seemingly sells general security and information analysis services to commercial customers. However, DSIRF has been linked to the creation and attempted sale of Subzero, a malware toolkit that allows customers to hack into their targets' computers, phones, network infrastructure, and Internet-connected devices. Recent cyberattacks against targets in Austria, Panama, and the United Kingdom have involved the exploitation of Microsoft and Adobe bugs included in the tool set. Microsoft has published a Subzero malware signature for defense, in addition to regular software updates to plug the holes. This article continues to discuss Microsoft's flagging of the cyber-weapons broker Knotweed.
Dark Reading reports "Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware"