Threat actors
Denim Tsunami
crimewareATvia MISP
1 CVE attributed
Aliases2
DSIRFKNOTWEED
Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.
Attributed CVEs1
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2022-22047 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | HIGH7.8 | 19%p97 | KEV | 2025-10-30 |