According to Microsoft, an Austrian company is behind spyware that targets law firms and banks

A Microsoft logo is seen on a pop-up site at Roosevelt Field in Garden City, New York July 29, 2015. REUTERS/Shannon Stapleton

Sign up now for FREE unlimited access to Reuters.com

to register

LONDON, July 27 (Reuters) – Security researchers from Microsoft (MSFT.O) have said an Austrian firm is behind a series of digital breaches at banks, law firms and strategic consultancies in at least three countries.

DSIRF company has developed spyware – malicious software designed to spy on a target’s device or steal information from a target device – called “Subzero” that uses so-called zero-day exploits to access sensitive information such as passwords or login credentials access, Microsoft said in a blog post on Wednesday.

“Victims observed so far include law firms, banks and strategic consulting firms in countries such as Austria, Great Britain and Panama,” the article says, without naming the victims.

Sign up now for FREE unlimited access to Reuters.com

to register

Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, did not respond to email and phone requests for comment.

Zero-day exploits are serious software flaws that are of great value to both hackers and spies because they work even on current software.

The term comes from the amount of warnings users receive to patch their machines protectively; A two-day bug is less dangerous because it occurs two days after a patch becomes available.

Some cybersecurity firms develop such tools to use alongside routine “pent-testing,” or penetration testing, to test an organization’s digital defenses against malicious attacks.

“Microsoft’s interaction with a victim confirmed that they had not consented to red teaming and malware deployment, and confirmed that this was unauthorized activity,” said Cristin Goodwin, general manager of the Microsoft Security Unit, which authored the report. to Reuters.

According to a copy of an internal presentation published by German news site Netzpolitik last year, DSIRF is touting Subzero as a next-generation “cyber warfare” tool that will take full control of a target’s PC, stealing passwords and reveal its location.

Another of the slides in this presentation showed multiple uses for the spyware, including counter-terrorism and combating human trafficking and child pornography rings.

Microsoft’s findings come as the United States and Europe are considering tougher rules on spyware vendors, a fast-growing and underregulated global industry, and after discovering that the Pegasus spyware developed by Israel’s NSO was being used by governments to spy on journalists and dissidents.

“This industry appears to be thriving,” Shane Huntley, senior director of Alphabet’s (GOOGL.O) threat analysis group, told a U.S. House committee on Wednesday.

Sign up now for FREE unlimited access to Reuters.com

to register

Reporting by James Pearson; Additional reporting by Zeba Siddiqui in San Francisco; Adaptation by David Holmes

Our standards: The Thomson Reuters Trust Principles.

Comments are closed.