| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.
There are currently no families associated with this actor.
| 2023-01-23
⋅
zero day initiative
⋅
Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation Denim Tsunami |
| 2022-07-28
⋅
SOCRadar
⋅
Threats of Commercialized Malware: Knotweed Subzero Denim Tsunami |
| 2022-07-27
⋅
Microsoft
⋅
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits Subzero Denim Tsunami |