Denim Tsunami  (Back to overview)


Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.

Associated Families

There are currently no families associated with this actor.

2023-01-23zero day initiativeSimon Zuckerbraun
Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation
Denim Tsunami
Threats of Commercialized Malware: Knotweed
Subzero Denim Tsunami
2022-07-27MicrosoftMicrosoft Security Response Center (MSRC), Microsoft Threat Intelligence Center (MSTIC), RiskIQ
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Subzero Denim Tsunami

Credits: MISP Project