Organizations in the U.S., Mexico, and Honduras have been targeted in new attacks by the Chinese state-sponsored advanced persistent threat operation FamousSparrow, which was believed to have gone on a hiatus over the last three years, according to The Record, a news site by cybersecurity firm Recorded Future.
FamousSparrow exploited Windows Server and Microsoft Exchange vulnerabilities, among other exploits, to gain initial network access and ultimately deploy the widely used Chinese malware ShadowPad, used for keystroke logging, screenshot capturing, and command execution, along with updated versions of its SparrowDoor backdoor, a report from ESET revealed. Although multiple cybersecurity firms have associated it with other Chinese hacking groups, FamousSparrow, one of the first APTs to exploit the Microsoft ProxyLogon flaw and one that went on to compromise hotels around the world, "appears to be its own distinct cluster with loose links to the others," said ESET researcher Alexandre Côté Cyr.
