Business Essentials for Professionals


Microsoft Accuses An Austrian Spy Business Of Developing A Hacking Tool For EU Member States

Microsoft Accuses An Austrian Spy Business Of Developing A Hacking Tool For EU Member States
Microsoft said an Austrian firm built malicious software that was identified on the computer systems of some of its clients in at least three countries, but the espionage tool "Subzero" was solely for official use in EU states.
Microsoft stated that the spying software, or spyware, capable of obtaining personal information such as passwords or logon credentials, had been implemented at an indeterminate number of unidentified banks, law firms, and strategic consultancies.
"Subzero is a software of the Austrian DSIRF GesmbH, which has been developed exclusively for official use in states of the EU. It is neither offered, sold nor made available for commercial use," DSIRF said in an emailed statement.
"In view of the facts described by Microsoft, DSIRF resolutely rejects the impression that it has misused Subzero software," it added.
It was unclear which EU member state governments were using the technology, if any. DSIRF did not respond to requests for additional information.
Austria's interior minister notified local news agency APA that it was looking into the Microsoft allegations. The ministry did not respond to calls for comment from Reuters.
Spyware tools have received increased attention in Europe and the United States with the discovery that Pegasus, spyware built by Israel's NSO, was used by governments to spy on journalists and dissidents.
DSIRF stated that they had commissioned an independent expert to study the vulnerabilities presented by Microsoft and had approached the US tech behemoth for "operation on the matter."
Microsoft declined to comment further.
In a blog post published on Thursday, the business stated that DSIRF had created four so-called "zero-day vulnerabilities," which are major software weaknesses of enormous importance to both hackers and spies since they function even when software is up to date.
In an internal presentation advertising Subzero that was revealed last year by the German news website Netzpolitik, DSIRF listed a few former commercial clients as references.
SIGNA Retail and Dentons, two of the companies included in the presentation, said Reuters they had not utilised the malware and had declined to be a reference for the company.
A request for comment on the matter was not responded to by DSIRF.

Christopher J. Mitchell

Markets | Companies | M&A | Innovation | People | Management | Lifestyle | World | Misc