Who is Denim Tsunami?

Denim Tsunami is a threat actor attributed to AT, also known as KNOTWEED, DSIRF. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Denim Tsunami exploit?

Denim Tsunami is known to exploit 1 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Denim Tsunami

Also known as: KNOTWEED, DSIRF

Exploited CVEs

Overview

Denim Tsunami is a threat actor group that has been involved in targeted attacks against European and Central American customers. They have been observed using multiple Windows and Adobe 0-day exploits, including one for CVE-2022-22047, which is a privilege escalation vulnerability. Denim Tsunami developed a custom malware called Subzero, which has capabilities such as keylogging, capturing screenshots, data exfiltration, and running remote shells. They have also been associated with the Austrian spyware distributor DSIRF.

Exploited Vulnerabilities

CVE ID	Action
CVE-2022-22047