
Austrian Firm DSIRF Under Investigation for Allegedly Developing Spyware

 

The Austrian government announced last week it was investigating a firm based within the nation’s territory for allegedly designing spyware targeting law firms, banks, and consultancies across Europe and Central America. 

The news comes after researchers at Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) linked a hacking group called Knotweed to an Austrian surveillance firm named DSIRF, known for multiple Windows and Adobe zero-day exploits. 

"Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," the researchers stated, without identifying the victims. 

The researchers unearthed Subzero malware (CVE-2022-22047) deployed in 2021 and 2022 to hack a broad range of devices, including phones, computers, and internet-connected devices. Additionally, multiple pieces of evidence were identified that linked DSIRF to Knotweed’s operation, including the C2 infrastructure used by Subzero and the code signing certificate issued to DSIRF that was used to sign an exploit. 

According to the researchers, private sector offensive actors (PSOAs) such as DSIRF make their living either by selling full end-to-end hacking tools to the purchaser (identical to how Israeli spyware firm NSO operates) or by conducting offensive hacking operations themselves. 

Austria’s interior ministry said it is not aware of any incidents and has no business relationships with the firm.

“Of course, DSN (the National Security and Intelligence Directorate) checks the allegations. So far, there is no proof of the use of spy software from the company mentioned,” reads a statement published by Austria’s interior ministry. 

Kurier, a local Austrian media outlet, confirmed that DSIRF manufactured the Subzero surveillance software, but added that it had not been misused and was developed exclusively for use by authorities in EU states. The newspaper also added that the spyware was not commercially available. 

According to a report by the German news site Netzpolitik, DSIRF promotes Subzero as the ‘next generation cyber warfare’ tool. It can access passwords to hijack devices and reveal user locations. Another slide in that presentation showed multiple uses for the spyware, including anti-terrorism and targeting human trafficking and child pornography rings.

Alexander Baranov says Russia has nothing to do with the cyberattack on the friendly Austrian Foreign Ministry


The hacker attack on the Austrian Ministry of Foreign Affairs prompted European countries to take active measures to defend against such attacks. At the same time, the EU accuses Moscow of the attack, which makes no sense, given the friendly relations between Russia and Austria. Alexander Baranov, head of the Department of Information Security at the National Research University, commented on the situation.

According to the expert, the anti-Russian accusations once again show the policy of Western "hawks" who regularly make groundless statements against undesirable countries.
"These accusations are completely groundless and are not supported by any arguments," Baranov said.

He stressed that Russia has absolutely no interest in attacking the Austrian Foreign Ministry. In addition, Austria supports the implementation of major projects, such as the Nord Stream 2 gas pipeline.

"This is one of the friendliest countries in the European Union, I think. Therefore, I do not see any sense in attacking its Foreign Ministry, especially since the country is small and it does not play a decisive role," the expert believes.

In his opinion, this is an obvious provocation intended to worsen relations between the countries.
"One of the most famous methods of hackers is to carry out an attack from the territory of States that have nothing to do with it. Most often it is China or India," Baranov explained.

The expert noted that it is now almost impossible to track the end user if they use an anonymizer. It is possible that European security forces were able to establish some facts but cannot make them public because of secrecy.

He added that European politicians enjoy their impunity by regularly making unfounded accusations.
"Representatives of Russia have repeatedly asked for facts, but there is nothing, there is only empty talk," the expert concluded.

A hacker attack on the Austrian Foreign Ministry occurred in early January. In Vienna, they believe that the incident has a Russian trace while recognizing the absence of any evidence.

Earlier, the Austrian newspaper Die Presse reported that a number of EU countries had decided to form a group to protect themselves from cyber attacks from Russia. Vienna will work together with Germany, the Czech Republic, Belgium and Cyprus on this issue. These States consider themselves to be "victims of a Russian cyber-espionage".