May 7, 2024

Famous Sparrow, a cyber espionage group that targets hotels around the world, as well as governments, international organizations, engineering companies and law firms.

The Advanced Persistent Threats (APT) group, FamousSparrow, has been exploiting the Microsoft Exchange vulnerability known as ProxyLogon, which allows hackers to take control of Exchange servers.

The attacks began as early as the day after patches for the ProxyLogon vulnerability were released in March 2021. This is another reminder that it is essential to patch Internet applications quickly or, if it is not possible to do so quickly, not to expose them to the Internet

The victims are found throughout the world, in Europe (France, Lithuania, United Kingdom), the Middle East (Israel, Saudi Arabia), America (Brazil, Canada, Guatemala), Asia (Taiwan) and Africa (Burkina Faso).

Famous Sparrow is believed to have ties to other well-known APT groups as well. It is believed to have been active since 2019.

FamousSparrow is currently the only user of a custom backdoor that we discovered in the research and called SparrowDoor. The group also uses two custom versions of Mimikatz. The presence of any of these custom malicious tools could be used to connect incidents to FamousSparrow.

Tags:

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

Nvidia addresses Critical Vulnerability in Triton -CVE-2024-0087

May 6, 2024

Synlab Italia suffers a cyber incident

May 5, 2024

TheCyberThrone Security Week In Review – May 04, 2024

May 4, 2024

Microsoft initiative in response to CSRB

May 4, 2024

Aruba fixes several Critical Vulnerabilities

May 3, 2024

Dropbox suffers a Data Breach

May 3, 2024

Discover more from TheCyberThrone

Subscribe now to keep reading and get access to the full archive.

Continue reading