November 30, 2023

Famous Sparrow, a cyber espionage group that targets hotels around the world, as well as governments, international organizations, engineering companies and law firms.

The Advanced Persistent Threats (APT) group, FamousSparrow, has been exploiting the Microsoft Exchange vulnerability known as ProxyLogon, which allows hackers to take control of Exchange servers.

The attacks began as early as the day after patches for the ProxyLogon vulnerability were released in March 2021. This is another reminder that it is essential to patch Internet applications quickly or, if it is not possible to do so quickly, not to expose them to the Internet

The victims are found throughout the world, in Europe (France, Lithuania, United Kingdom), the Middle East (Israel, Saudi Arabia), America (Brazil, Canada, Guatemala), Asia (Taiwan) and Africa (Burkina Faso).

Famous Sparrow is believed to have ties to other well-known APT groups as well. It is believed to have been active since 2019.

FamousSparrow is currently the only user of a custom backdoor that we discovered in the research and called SparrowDoor. The group also uses two custom versions of Mimikatz. The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow.

Tags:

Leave a Reply

You may have missed

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023

AWS Detective adds new Capabilities

November 27, 2023
%d bloggers like this: