Denim Tsunami
Also known as: KNOTWEED · DSIRF · Denim Tsunami
Origin: AT
Known aliases: 3
Profile
Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe zero-day exploits, including one for CVE-2022-22047, a privilege escalation vulnerability. Denim Tsunami developed a custom malware family called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.
References
- https://www.thezdi.com/blog/2023/1/23/activation-context-cache-poisoning-exploiting-csrss-for-privilege-escalation
- https://socradar.io/threats-of-commercialized-malware-knotweed/
- https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/