Sparrow Strikes Again: FamousSparrow’s Sneaky Cyber Shenanigans Unleash New Malware Menace!
FamousSparrow, a Chinese threat actor, has struck again, deploying its flagship backdoor SparrowDoor and ShadowPad in a cyber attack on a U.S. trade group and a Mexican research institute. This marks the first time FamousSparrow has used ShadowPad, showcasing its knack for innovation in the world of cyber mischief.

Hot Take:
Looks like FamousSparrow is not just a bird, but a full-on cyber Hitchcock thriller! Deploying ShadowPad and the modular SparrowDoor backdoor, they’re making a splash in cybersecurity with more dramatic flair than a soap opera villain unveiling a hidden twin. With their newfound modularity, they might be angling for a place on the Cybersecurity Walk of Fame. Watch out, Hollywood!
Key Points:
- FamousSparrow is linked to cyber attacks on a U.S. trade group and a Mexican research institute, using SparrowDoor and ShadowPad malware.
- This marks the first deployment by FamousSparrow of ShadowPad, malware previously associated with other Chinese state-sponsored groups.
- SparrowDoor has evolved to include parallel command execution and a modular design, adding capabilities like keystroke logging and file system monitoring.
- Victims were running outdated versions of Windows Server and Microsoft Exchange Server, whose vulnerabilities FamousSparrow exploited.
- ESET identifies FamousSparrow as a distinct group with connections to clusters like Earth Estries and Salt Typhoon.