Summary: A China-linked cyberespionage group named ‘FamousSparrow’ is actively using a new modular version of its backdoor ‘SparrowDoor’ to target a US-based trade organization and other entities, including a Mexican research institute and a Honduran government institution. ESET researchers have observed significant advancements in the malware’s capabilities, such as parallel command execution and a new plugin-based architecture. Additionally, FamousSparrow appears to have access to sophisticated tools, including the ShadowPad RAT, indicating potential connections to other state-sponsored Chinese cyber actors.
Affected: US-based trade organization, Mexican research institute, Honduran government institution
Key points:
- FamousSparrow has been more active than previously believed since 2022.
- New versions of the SparrowDoor backdoor offer improved code quality and advanced features like parallel command execution.
- FamousSparrow’s operations include using the ShadowPad RAT, suggesting access to high-tier cyber tools.
- Initial access was gained by exploiting outdated Microsoft Exchange and Windows Server endpoints.
- ESET identifies overlaps in techniques and tools among various Chinese threat groups, indicating shared resources.