New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations

Summary: A Chinese hacker group, FamousSparrow, has launched cyber attacks targeting a U.S. trade group and a Mexican research institute, deploying advanced versions of its backdoor tools: SparrowDoor and a new variant of ShadowPad. This marks the first observed use of ShadowPad by this group, which has a history of attacks involving the hotel and government sectors. The attack chain exploited outdated server systems to deploy new, modular backdoor capabilities, demonstrating ongoing development within the group.

Affected: U.S. trade group and Mexican research institute

Key points:

  • FamousSparrow has been linked to cyber attacks targeting organizations in the U.S. and Mexico.
  • The group deployed two new versions of the SparrowDoor backdoor, improving on its previous capabilities.
  • The attack involved exploiting outdated software and using web shells to facilitate further malware deployment.
  • The newly modular version of SparrowDoor supports nine distinct modules for various functionalities, enhancing its operational flexibility.
  • ESET considers FamousSparrow a distinct group with some connections to other Chinese threat actors.

Source: https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html