The Microsoft Threat Intelligence Center (MSTIC) has identified a link between a malicious group known as Knotweed and a private sector actor called DSIRF. The group uses the Subzero malware toolkit to attack its targets, which are mainly located in Europe and Central America.
Although its website is currently down, DSIRF claimed to provide “information research, forensics and data-based intelligence services for institutions”. However, the company has been associated with the development of the Subzero malware, which is used to hack targets' mobile phones, computers and internet-connected devices.
In an official blog post, Microsoft revealed all of its research work on the Knotweed group. In the same post, the company describes several links between DSIRF and the malicious tools used in the group’s attacks. These include, according to Microsoft, “a GitHub account associated with DSIRF used in an attack”, among other elements.
Last year, Knotweed used a chain of vulnerabilities, two in the Windows operating system and one in the Adobe Reader program. All these flaws were fixed in June 2021.
Source: Tec Mundo
