FamousSparrow Hacking Group Is Targeting Hotels, Companies, and Governments Everywhere
The Threat Actor Used a ProxyLogon Microsoft Exchange Server Flaw Together with SparrowDoor, Its Own Custom Backdoor.
Last updated on September 24, 2021
A new cyberespionage group targeting hotels, governments, and private businesses all over the world has been recently spotted by cybersecurity specialists at ESET.
According to them, the cyberespionage gang, dubbed FamousSparrow, is an Advanced Persistent Threat (APT) group that has been active since at least 2019. The APT is among those that exploited the ProxyLogon vulnerabilities earlier this year, but it had not been identified until now.
FamousSparrow Goes Global
Even though the hacking group's targets are usually hotels, security specialists have observed that the gang has also attacked international companies, law organizations, and governments. Victims have been identified in the United Kingdom, Lithuania, Guatemala, Saudi Arabia, Brazil, Burkina Faso, South Africa, Canada, Israel, France, Taiwan, and Thailand.
ESET researchers Matthieu Faou and Tahseen Bin Taj stated:
The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage.
In the cases where the specialists were able to determine the initial compromise vector, FamousSparrow broke into its victims' systems through vulnerable Internet-facing web applications. The threat actor exploited Remote Code Execution (RCE) vulnerabilities in Microsoft SharePoint, Oracle Opera (business software for hotel management), and, from March 2021, the Microsoft Exchange security bugs known as ProxyLogon.
According to ESET, once a server is compromised, the APT deploys custom tools on it, such as its SparrowDoor backdoor.
Researchers believe FamousSparrow is connected to other APT groups such as SparklingGoblin and DRBControl, as they found similar malware variants, but they also state that the newly discovered hacking group is a distinct entity.
They remind organizations everywhere of the importance of patching Internet-facing applications immediately. Where prompt patching is not possible, companies should not expose the applications to the Internet at all.