Microsoft says Austrian firm behind spyware targeting law firms, banks

By James Pearson

LONDON (Reuters) – Security researchers at Microsoft have said an Austrian firm was behind a string of digital intrusions at banks, law firms and strategic consultancies in at least three countries.

The firm, DSIRF, developed spyware – malicious software designed to spy on or steal information from a target’s device – called “Subzero” which uses so-called Zero-day exploits to access confidential information such as passwords, or logon credentials, Microsoft said in a blog post on Wednesday.

“Observed victims to date include law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” the post said, without identifying the victims.

Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, did not respond to email and telephone requests for comment.

Zero-day exploits are serious software flaws of great value to both hackers and spies because they work even when software is up to date.

The term comes from the amount of warning users get to patch their machines protectively; a two-day flaw is less dangerous because it emerges two days after a patch is available.

Some cybersecurity firms develop such tools to deploy alongside routine “pentesting”, or penetration testing, to test a company’s digital defences against malicious attacks.

“Microsoft’s interaction with a victim confirmed they had not consented to red teaming and malware deployment, and confirmed it was unauthorised activity,” Microsoft Security Unit general manager Cristin Goodwin, who authored the report, told Reuters.

According to a copy of an internal presentation published last year by German news website Netzpolitik, DSIRF advertises Subzero as a “next generation cyber warfare” tool which can take full control of a target’s PC, steal passwords, and reveal its location.

Another one of the slides in that presentation showed several uses for the spyware, including anti-terrorism and the targeting of human trafficking and child pornography rings.

Microsoft’s findings come as the United States and Europe mull tighter rules around vendors of spyware, a fast-growing and under-regulated global industry, and after the Pegasus spyware developed by Israel’s NSO was found to have been used by governments to spy on journalists and dissidents.

“This industry appears to be thriving,” Shane Huntley, Senior Director of the Threat Analysis Group at Alphabet, told a U.S. House of Representatives committee on Wednesday.

(Reporting by James Pearson; Additional reporting by Zeba Siddiqui in San Francisco; Editing by David Holmes)