Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.
| Date | Source | Title | Tags |
|---|---|---|---|
| 2023-01-23 | Zero Day Initiative | Activation Context Cache Poisoning: Exploiting CSRSS for Privilege Escalation | Denim Tsunami |
| 2022-07-28 | SOCRadar | Threats of Commercialized Malware: Knotweed | Subzero, Denim Tsunami |
| 2022-07-27 | Microsoft | Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits | Subzero, Denim Tsunami |
| 2021-12-17 | DSIRF | DSIRF Company Presentation | Subzero |
| 2021-12-17 | Netzpolitik.org | Wir enthüllen den Staatstrojaner „Subzero“ aus Österreich (We reveal the Austrian state trojan "Subzero") | Subzero |
| 2021-11-19 | FOCUS | Im Rätsel um gruselige Spionage-Software führt die Spur über Wirecard in den Kreml (In the mystery surrounding creepy spyware, the trail leads via Wirecard to the Kremlin) | Subzero |