(Reuters) — Security researchers at Microsoft have said an Austrian company was behind a series of digital breaches at banks, law firms and strategic consultancies in at least three countries.
The firm, DSIRF, developed spyware — malware designed to spy on or steal information from a target’s device — called “Subzero,” which uses so-called zero-day exploits to access confidential information such as passwords or login credentials, Microsoft said in a blog post on Wednesday.
“Noted victims so far include law firms, banks and strategic consultancies in countries such as Austria, the UK and Panama,” the post said, without identifying the victims.
Vienna-based DSIRF, or DSR Decision Supporting Information Research Forensic GmbH, did not respond to email and phone requests for comment.
Zero-day exploits are serious software flaws of great value to both hackers and spies because they work even when the software is updated.
The term comes from the amount of warnings users receive to patch their machines protectively; a two-day bug is less dangerous because it appears two days after a patch is available.