New FamousSparrow APT group used ProxyLogon exploits in its attacks


FamousSparrow Figure-1.-Geographic-distribution-of-FamousSparrow-targets-1024x788

Researchers from ESET discovered a new cyberespionage group, tracked as FamousSparrow, that has been targeting hotels worldwide around the world since at least 2019. The group also hit higher-profile targets such as law firms, governments, and private companies worldwide.

According to the experts the group focuses on cyber espionage operations.

Telemetry data revealed that the APT group exploited Microsoft Exchange ProxyLogon vulnerabilities since March 3, 2021, only one day after Microsoft released security patches for them.

FamousSparrow group employed a custom backdoor, dubbed SparrowDoor in its attacks, along with two custom versions of Mimikatz.

Read more…