Microsoft connected the Knotweed threat actor to the Austrian surveillance firm DSIRF that has been targeting entities in Central America and Europe with the Subzero surveillance malware. Microsoft recommends patching the exploited flaws and confirming that Microsoft Defender is updated to detect related indicators.