Denim Tsunami is an Austrian private-sector offensive actor (PSOA) that emerged around February 2020, initially tracked by Microsoft as KNOTWEED and linked to the company DSIRF GmbH. This group specializes in developing and selling sophisticated surveillanceware, known as Subzero, and is also observed engaging in direct offensive cyber operations. Their primary motivation is cyber espionage and financial gain, often involving corporate espionage and surveillance. Denim Tsunami distinguishes itself by combining the sale of advanced cyber tools with direct involvement in targeted attacks, frequently exploiting zero-day vulnerabilities in widely used software. The group operates under the aliases KNOTWEED and DSIRF, and was officially designated 'Denim Tsunami' by Microsoft in April 2023.