China’s FamousSparrow APT Hits United States Via SparrowDoor Malware

A China-linked cyberespionage group known as ‘FamousSparrow’ has been caught using a new modular version of its signature backdoor, ‘SparrowDoor’, against a US-based trade organisation. Security researchers at ESET spotted the activity and the new malware version, and found evidence that the group has been far more active than previously assumed since its last reported operations in 2022. 

Apart from the financial organisation, ESET identified and attributed further recent attacks to FamousSparrow, including one against a Mexican research institute and one against a Honduran government entity. In all of these incidents, initial access was gained by exploiting outdated Microsoft Exchange and Windows Server endpoints and planting webshells on them. 
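Webshells dropped on outdated Exchange or IIS hosts are usually small server-side script files sitting in web-accessible directories. The following is an added example, not code from the article or from ESET, of a simple defender-side triage heuristic: it scores ASP.NET script files by the presence of indicators a legitimate page rarely combines (reading request parameters, spawning processes, decoding base64 payloads, dynamic execution) and reports only files above a threshold. The file paths, contents, indicator list and weights are all constructed for the example and are assumptions, not values from the page.

```python
import re
from typing import Dict, List, Tuple

# Illustrative indicators for ASP.NET webshells; weights are an assumption
# chosen so that no single indicator alone crosses the threshold.
INDICATORS: List[Tuple[str, int, str]] = [
    (r"Request\s*(\[|\.Form\[|\.QueryString\[)", 2, "reads request parameter"),
    (r"Process\.Start|ProcessStartInfo", 3, "spawns a process"),
    (r"cmd\.exe|powershell", 3, "references a shell binary"),
    (r"\beval\b|Execute\s*\(", 3, "dynamic code execution"),
    (r"System\.IO\.File\.(WriteAllText|WriteAllBytes)", 2, "writes a file from request data"),
    (r"Convert\.FromBase64String", 1, "decodes a base64 payload"),
]
THRESHOLD = 5
SCRIPT_EXTENSIONS = (".aspx", ".ashx", ".asmx")


def score_content(content: str) -> Tuple[int, List[str]]:
    """Return the total indicator weight and the matched indicator labels."""
    score = 0
    reasons: List[str] = []
    for pattern, weight, label in INDICATORS:
        if re.search(pattern, content, re.IGNORECASE):
            score += weight
            reasons.append(label)
    return score, reasons


def triage(files: Dict[str, str]) -> Dict[str, Tuple[int, List[str]]]:
    """Score every script file in `files` (path -> content) and keep the hits.

    Non-script files are skipped; a real deployment would feed this from an
    os.walk() over the web roots instead of an in-memory mapping.
    """
    hits: Dict[str, Tuple[int, List[str]]] = {}
    for path, content in files.items():
        if not path.lower().endswith(SCRIPT_EXTENSIONS):
            continue
        score, reasons = score_content(content)
        if score >= THRESHOLD:
            hits[path] = (score, reasons)
    return hits


# Constructed sample files: a benign page and a page carrying several
# webshell-style indicators (the tokens only, not a working shell).
SAMPLE_FILES: Dict[str, str] = {
    r"C:\inetpub\wwwroot\app\logon.aspx":
        '<%@ Page Language="C#" %><html><body>Welcome</body></html>',
    r"C:\inetpub\wwwroot\app\help.aspx":
        '<%@ Page Language="C#" %>'
        '<% /* constructed indicators: Request["p"] Process.Start '
        'Convert.FromBase64String */ %>',
    r"C:\inetpub\wwwroot\app\notes.txt":
        'Process.Start cmd.exe eval Request["x"]',
}

if __name__ == "__main__":
    for path, (score, reasons) in triage(SAMPLE_FILES).items():
        print(f"{path}: score={score} reasons={reasons}")
```

Flagged files are a starting point for review, not a verdict: compare their modification times with the host's patch history, check whether they are referenced by the application's own configuration, and pull the corresponding IIS request logs to see which client IPs requested them.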

New modular SparrowDoor

ESET’s investigation revealed two new variants of the SparrowDoor backdoor. The first is identical to a backdoor credited to ‘Earth Estries’, but with improved code quality and architecture, an encrypted configuration, new persistence methods, and stealthy command-and-control (C2) switching. A critical new fea

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents