Chinese ‘FamousSparrow’ hackers back from the dead and targeting North America, researchers say

Summary: A Chinese hacking group known as FamousSparrow, previously considered dormant, has resurfaced to target organizations in the U.S., Mexico, and Honduras. Researchers from ESET discovered upgrades to their backdoor tool, SparrowDoor, indicating ongoing cyber-espionage activities since 2022. The group is linked to a series of attacks on various sectors, including government and research institutes, using sophisticated malware and tools, showcasing a notable evolution in their tactics.

Affected: U.S. trade groups, government organizations in Honduras, and research institutes in Mexico

Key points:

  • FamousSparrow has been upgrading their backdoor tool, SparrowDoor, with new undocumented versions.
  • The group previously targeted hotels globally and has now expanded its focus to critical organizations in Latin America.
  • Recent investigations revealed that many victim networks were running outdated software, which could have facilitated the attacks.
  • FamousSparrow showed a rapid response to new vulnerabilities, notably exploiting the ProxyLogon vulnerability in Microsoft Exchange shortly after its disclosure.

Source: https://therecord.media/china-famous-sparrow-back-eset