Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware

Microsoft flagged the companys Subzero tool set as on offer to unscrupulous governments and shady business interests.

A cyber-weapons broker dubbed Knotweed has been outed, with Microsoft flagging it as being behind numerous spyware attacks on law firms, banks, and strategic consultancies in countries around the world.
To boot, Knotweed has made a habit of incorporating rafts of Windows and Adobe zero-day exploits into its spyware since at least 2021, according to Microsoft.
Knotweed falls into a murky category of so-called private sector offensive actors (PSOAs, aka commercial spyware vendors) that hawk their wares to unscrupulous governments and business interests. These ultrasophisticated (and expensive) tools are often used against
dissidents, journalists, and other members of civil society
, but theyve been known to enable straightforward corporate espionage too.
The breed is best exemplified by the infamous NSO Group and Pegasus mobile spyware, but
many others lurk in the shadows
, Microsoft warned.
One such is Knotweed, which is an alias for an Austrian outfit called DSIRF. Its a company that, as
Microsoft explained in a post
on Wednesday, ostensibly sells general security and information analysis services to commercial customers. But thats only part of the story, according to the computing giant.
DSIRF has been linked to the development and attempted sale of a malware toolset called Subzero, which enables customers to hack into their targets computers, phones, network infrastructure and internet-connected devices, according to the analysis.
The aforementioned Microsoft and Adobe bugs in the tool set (detailed in
a technical breakdown
) have been seen in recent cyberattacks against targets in Austria, Panama, and the United Kingdom. In addition to publishing software updates to plug the holes on a regular basis, Microsoft has also published a Subzero malware signature for defense.
More action is needed on a broader level, given that DSIRF will not be the last PSOA to come to light, as Microsoft researchers explained in a brief sent to Congress on Wednesday.
We are increasingly seeing PSOAs
selling their tools to authoritarian governments
that act inconsistently with the rule of law and human rights norms, according to
the brief
(PDF). We welcome Congresss focus on the risks and abuses we all collectively face from the unscrupulous use of surveillance technologies and encourage regulation to limit their use both here in the United States and elsewhere around the world.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Multiple Windows, Adobe Zero-Days Anchor Knotweed Commercial Spyware