The Chinese cyber threat group known as FamousSparrow has been linked to recent cyber attacks targeting a U.S. trade organization and a Mexican research institute. The attackers utilized their signature backdoor, SparrowDoor, as well as ShadowPad malware, marking a notable escalation in their operations. This is the first observed deployment of ShadowPad by the group, which has traditionally relied on other malware variants.
Analyzing activity observed in July 2024, ESET, a Slovak cybersecurity firm, reported two new, previously undocumented variants of the SparrowDoor backdoor, one of which incorporates modular capabilities. The enhancements improve operational efficiency, including the ability to run concurrent commands and process instructions in real time.
FamousSparrow emerged as a notable threat in September 2021, attributed to attacks on various sectors, including hospitality and government infrastructures. While their tactics share similarities with other groups such as Earth Estries, ESET categorizes FamousSparrow as a distinct entity based on unique attributes and operational patterns.
The latest attack began with the compromise of an Internet Information Services (IIS) server, allowing the attackers to deploy a web shell. This web shell executed scripts that facilitated the installation of both SparrowDoor and ShadowPad on the victims’ systems, which were reported to be using outdated versions of Windows Server and Microsoft Exchange Server.
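The intrusion chain described above starts with a web shell running inside the IIS worker process and launching scripts; a direct detection is a process-creation event whose parent is w3wp.exe and whose image is a script interpreter. The following is an added example of that detection logic, not code from ESET or from the article; the log lines are constructed samples in a simplified key=value layout loosely modelled on Sysmon process-creation events, and the interpreter list is an assumption.

```python
# Added example (not from the ESET report or the article): detection logic for the
# IIS web shell chain. A web shell runs inside the IIS worker process (w3wp.exe),
# so a script interpreter whose parent is w3wp.exe is a strong signal. The sample
# events below are constructed, in a simplified Sysmon-Event-1-like key=value layout.
from dataclasses import dataclass

# Interpreters a web shell would typically launch to stage further payloads (assumed list).
SCRIPT_INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "cscript.exe", "wscript.exe"}
IIS_WORKER = "w3wp.exe"

@dataclass
class Finding:
    pid: str
    image: str
    command_line: str

def parse_event(line: str) -> dict:
    """Parse tab-separated 'key=value' pairs; values may contain spaces and '='."""
    fields = {}
    for part in line.strip().split("\t"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields

def basename(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def detect_webshell_children(lines):
    """Flag process-creation events (EventID 1) where w3wp.exe spawns a script interpreter."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "1":
            continue  # only process-creation events carry a parent/child relationship
        if basename(ev.get("ParentImage", "")) != IIS_WORKER:
            continue
        if basename(ev.get("Image", "")) in SCRIPT_INTERPRETERS:
            findings.append(Finding(ev.get("ProcessId", "?"), ev["Image"], ev.get("CommandLine", "")))
    return findings

# Constructed sample events: two suspicious w3wp children, one benign child, one unrelated cmd.exe,
# and one non-process-creation event for the same interpreter that must be ignored.
SAMPLE_EVENTS = [
    "EventID=1\tProcessId=4120\tImage=C:\\Windows\\System32\\cmd.exe\tCommandLine=cmd.exe /c whoami\tParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe",
    "EventID=1\tProcessId=4130\tImage=C:\\Windows\\System32\\conhost.exe\tCommandLine=conhost.exe\tParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe",
    "EventID=1\tProcessId=4150\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\tCommandLine=powershell.exe -File stage.ps1\tParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe",
    "EventID=1\tProcessId=4200\tImage=C:\\Windows\\System32\\cmd.exe\tCommandLine=cmd.exe\tParentImage=C:\\Windows\\explorer.exe",
    "EventID=3\tProcessId=4150\tImage=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\tParentImage=C:\\Windows\\System32\\inetsrv\\w3wp.exe",
]

if __name__ == "__main__":
    for f in detect_webshell_children(SAMPLE_EVENTS):
        print(f"suspicious: pid={f.pid} image={f.image} cmd={f.command_line!r}")
```

Run against the constructed sample, the rule reports PIDs 4120 and 4150 only; in a real environment, baseline legitimate w3wp.exe children (application pool helpers) before alerting.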
The SparrowDoor backdoor offers a wide range of commands enabling various malicious operations. It can initiate proxy connections, transfer files, gather system information, and even remove itself. The newly introduced modular backdoor variant enhances its functionality by employing a plugin architecture to enable diverse tasks such as keystroke logging and file system monitoring.
ESET highlighted that the level of activity from FamousSparrow suggests ongoing development of their malware, indicating the group’s resilience and adaptability in the changing landscape of cybersecurity threats.