Commercialized cyberweapons continue to threaten consumers, businesses and governments. Microsoft believes that allowing private sector offensive actors, or PSOAs, to develop and sell surveillance and intrusion capabilities to unscrupulous governments and business interests endangers basic human rights.
We take this threat seriously, and today are announcing the disruption of the use of certain cyberweapons created and sold by a group Microsoft calls KNOTWEED. We observed attacks targeting law firms, banks and strategic consultancies in countries such as Austria, the United Kingdom and Panama. To limit these attacks, we issued a software update to mitigate the use of vulnerabilities and published malware signatures that will protect Windows customers from exploits Knotweed was using to help deliver its malware.
The Microsoft Threat Intelligence Center (MSTIC) has worked to build protections against Knotweed’s malware into our products. Technical information for customers and the security community is available here.
Knotweed is an Austria-based PSOA named DSIRF that ostensibly sells general security and information analysis services to commercial customers. DSIRF has been linked to the development and attempted sale of a malware toolset called Subzero, which enables customers to hack into their targets’ computers, phones, network infrastructure and internet-connected devices.
In addition to using technical means to disrupt Knotweed, today we are also submitting written testimony to the House Permanent Select Committee on Intelligence Hearing on “Combatting the Threats to U.S. National Security from the Proliferation of Foreign Commercial Spyware.” The testimony describes how we are increasingly seeing PSOAs sell their tools to authoritarian governments that act inconsistently with the rule of law and human rights norms, where they are used to target human rights advocates, journalists, dissidents and others involved in civil society. We welcome Congress’s focus on the risks and abuses we all collectively face from the unscrupulous use of surveillance technologies and encourage regulation to limit their use both here in the United States and elsewhere around the world.
We will continue to advocate for policy solutions to address the dangers caused when PSOAs build and sell weapons. We will also continue to name these groups, using the names given to trees and shrubs, as we’ve done previously with Sourgum.