ESET has discovered a new APT group, FamousSparrow, which has existed since at least 2019 and has been targeting hotels, international organizations, engineering firms and law firms around the world. FamousSparrow is believed to be involved in cyber espionage.
The victims of the hack group are in Europe (France, Lithuania, UK), the Middle East (Israel, Saudi Arabia), America (Brazil, Canada, Guatemala), Asia (Taiwan) and Africa (Burkina Faso), experts say.
Basically, the grouping attacks follow the same pattern: the group uses vulnerabilities in web applications to penetrate the networks of its victims. Among the vulnerabilities exploited by cybercriminals are bugs in Microsoft Exchange, SharePoint and Oracle Opera (hotel software).
It is emphasized that FamouseSparrow was one of the first APTs to organize attacks on ProxyLogon vulnerabilities found in Microsoft Exchange mail servers.
Once secured in the victim’s network, the attackers deploy a special SparrowDoor backdoor, which they use as a reference point for further movement in the compromised organization’s network, using publicly available tools, including Mimikatz and Metasploit.
ESET writes that FamousSparrow has used tools previously associated with spy operations by other hack groups, including DRDControl and SparklingGoblin, but researchers are not yet ready to report on any specific attribution of the group.
By the way, we wrote that Symantec warned that Booking hotels and online check-ins on flights are unsafe.
User Review
( votes)
