
Windows, Adobe Zero-Days Used to Deploy Subzero Malware by yehey

<h1>Attacks With Subzero Surveillance Malware</h1>

Microsoft reported Subzero attacks against Microsoft customers in Austria, the United Kingdom, and Panama. The targeted entities are law firms, banks, and strategic consultancies. MSTIC states that KNOTWEED’s Subzero malware was deployed in multiple ways; the IT giant refers to the different stages of Subzero as Jumplump for the persistent loader and Corelump for the main malware.

<a href="https://que.com"><img src="https://que.com/wp-content/uploads/2022/07/pexels-photo-5380792.jpeg"></a>
Source: https://QUE.com

Once the system is compromised, the threat actors drop the Corelump downloader and inject it directly into memory to evade detection. It supports multiple features, including keylogging, capturing screenshots, exfiltrating files, running a remote shell, and running arbitrary plugins downloaded from KNOTWEED’s C2 server.

Microsoft researchers observed a variety of post-compromise actions on infected systems:

- Setting of UseLogonCredential to “1” to enable plaintext credentials
- Credential dumping via comsvcs.dll
- Attempt to access emails with dumped credentials from a KNOTWEED IP address
- Using Curl to download KNOTWEED tooling from public file shares such as vultrobjects[.]com
- Running PowerShell scripts directly from a GitHub gist created by an account associated with DSIRF
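As an added illustration (not code from the Microsoft report or either linked article), a small Python detector that flags four of the post-compromise behaviours listed above in registry and process telemetry. The event shape, the sample lines and the elided arguments are assumptions; the watchlist holds only the hostname the post names.

```python
import re
from dataclasses import dataclass
# Hostname the post names as a KNOTWEED tooling source, kept defanged as written
DEFANGED_WATCHLIST = ["vultrobjects[.]com"]
WDIGEST_KEY = r"\control\securityproviders\wdigest\uselogoncredential"

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('vultrobjects[.]com') back into a matchable hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

WATCHLIST = [refang(h) for h in DEFANGED_WATCHLIST]

@dataclass
class Event:
    kind: str    # "registry" (detail is "path=value") or "process" (detail is the command line)
    detail: str

def match_rules(ev: Event) -> list[str]:
    """Names of the KNOTWEED post-compromise behaviours this event exhibits (empty if benign)."""
    hits, d = [], ev.detail.lower()
    if ev.kind == "registry":
        path, _, value = d.rpartition("=")
        if path.endswith(WDIGEST_KEY) and value.strip() == "1":
            hits.append("wdigest_plaintext_enabled")   # UseLogonCredential set to 1
    elif ev.kind == "process":
        if "rundll32" in d and "comsvcs" in d and "minidump" in d:
            hits.append("comsvcs_credential_dump")     # credential dump via comsvcs.dll
        if d.startswith("curl") and any(h in d for h in WATCHLIST):
            hits.append("curl_from_knotweed_host")     # tooling pulled from a listed share
        if "powershell" in d and re.search(r"gist\.github(usercontent)?\.com", d):
            hits.append("powershell_from_gist")        # script run straight from a gist
    return hits

def scan(events: list[Event]) -> dict[str, list[int]]:
    """Map each rule name to the indices of the events that triggered it."""
    found: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for rule in match_rules(ev):
            found.setdefault(rule, []).append(i)
    return found

# Constructed sample telemetry (not from the report); suspicious arguments are deliberately elided
SAMPLE_EVENTS = [
    Event("registry", r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential=1"),
    Event("registry", r"HKLM\SOFTWARE\Contoso\Agent\UseLogonCredential=0"),
    Event("process", r"rundll32.exe C:\Windows\System32\comsvcs.dll MiniDump <elided>"),
    Event("process", r"curl.exe -o C:\Users\Public\t.bin https://cdn.vultrobjects.com/<elided>"),
    Event("process", r"curl.exe https://updates.example.org/manifest.json"),
    Event("process", r'powershell.exe -c "<elided> https://gist.github.com/<elided>"'),
]
```

Running `scan(SAMPLE_EVENTS)` returns the rule hits keyed by name, with the two benign lines producing none.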

Researchers from threat intelligence firm RiskIQ, using passive DNS data related to Knotweed attacks, linked the C2 infrastructure used by the malware since February 2020 to DSIRF.
One of the zero-day exploits used in Knotweed attacks targeted the recently patched CVE-2022-22047 flaw. The attackers used this exploit to escalate privileges, escape sandboxes, and gain system-level code execution on the vulnerable system.

Source: https://securityaffairs.co/wordpress/133736/malware/dsirf-behind-subzero-malware.html

<h1>Microsoft: Windows, Adobe Zero-Days Used to Deploy Subzero Malware</h1>
Microsoft has linked a threat group known as Knotweed to an Austrian spyware vendor also operating as a cyber mercenary outfit named DSIRF that targets European and Central American entities using a malware toolset dubbed Subzero.

On its website, DSIRF promotes itself as a company that provides information research, forensics, and data-driven intelligence services to corporations.

However, it has been linked to the development of the Subzero malware that its customers can use to hack targets’ phones, computers, and network and internet-connected devices.

Continue reading: https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-adobe-zero-days-used-to-deploy-subzero-malware/

More Cyber Security news and articles: Visit https://QUE.com/tag/cybersecurity