Governments, Engineers all Over the World Targeted by New Age Hacking Group


Researchers have identified a new cyberespionage group that has been spying on organizations around the world.

The advanced persistent threat (APT) group, which ESET has named FamousSparrow, is a newly documented entrant in the cyberespionage field.

According to ESET, the group has targeted governments, engineering companies, international organizations, law firms and, above all, the hotel industry, with victims in Europe, the United Kingdom, Israel, Saudi Arabia, Taiwan, Burkina Faso, South Africa, the United States, Brazil, Guatemala and Canada.

Current threat data suggests FamousSparrow is a distinct group rather than a renamed version of an already known APT. ESET does note some overlaps, however: in one case a command-and-control (C2) server used by FamousSparrow was also used by the DRBControl APT, and in another the group deployed a variant of a loader associated with SparklingGoblin. Shared infrastructure and tooling are not proof of a single operator, so ESET tracks FamousSparrow separately for now.

What makes FamousSparrow particularly interesting is that, starting in March 2021, it joined at least ten other APT groups in exploiting ProxyLogon, a chain of zero-day vulnerabilities in Microsoft Exchange Server that was used to compromise Exchange servers worldwide.

The group's preferred initial access vector is vulnerable internet-facing applications: not only Microsoft Exchange, but also Microsoft SharePoint and Oracle Opera, a property-management system widely used by hotels, which fits the group's focus on the hospitality sector.

FamousSparrow is the only known user of a custom backdoor that ESET has named SparrowDoor. The backdoor is deployed through DLL search order hijacking: a legitimate, signed executable is dropped alongside a malicious DLL carrying the name that executable expects to load, so the Windows loader resolves the attacker's DLL from the application directory before looking anywhere else. That malicious loader then decrypts and runs SparrowDoor. Once running, the backdoor connects to the attackers' C2 server, which can instruct it to exfiltrate data among other commands.
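To make the loading trick concrete, the following is an added example (not code from ESET or from the article): it simulates the Windows DLL search order against a constructed file inventory to show why a DLL planted next to a trusted executable wins over the system copy, why the KnownDLLs list blocks the same trick for core system DLLs, and how a hunter can flag hijack candidates on disk. The directory, file names and signature flags are hypothetical.

```python
"""Added example: simulate the Windows DLL search order and flag search-order
hijack candidates. The inventory, paths and names below are constructed for
illustration and are not indicators from the ESET report."""

SYSTEM32 = r"c:\windows\system32"

# Subset of the names Windows lists under KnownDLLs. The loader always maps
# these from System32, so a copy planted in the application directory is ignored.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "advapi32.dll", "gdi32.dll"}

# Constructed inventory: lowercased path -> does the file carry a valid
# Authenticode signature? Paths are lowercased to mimic NTFS case-insensitivity.
INVENTORY = {
    r"c:\programdata\vendor\app.exe": True,        # legitimate signed host binary
    r"c:\programdata\vendor\vendorui.dll": False,  # hypothetical planted loader the exe expects
    r"c:\programdata\vendor\helper.dll": False,    # planted copy shadowing a System32 DLL
    r"c:\programdata\vendor\kernel32.dll": False,  # planted, but shielded by KnownDLLs
    r"c:\windows\system32\helper.dll": True,       # legitimate system copy
    r"c:\windows\system32\kernel32.dll": True,
}


def search_order(app_dir, cwd, path_dirs):
    """Default order with SafeDllSearchMode enabled (the modern default):
    application directory, the system directories, the current working
    directory, then each PATH entry."""
    return [app_dir, SYSTEM32, r"c:\windows\system", r"c:\windows", cwd, *path_dirs]


def resolve_dll(name, app_dir, cwd=r"c:\users\public", path_dirs=(), inventory=INVENTORY):
    """Return the path the loader would pick for `name`, or None if absent."""
    name = name.lower()
    if name in KNOWN_DLLS:  # KnownDLLs bypass the search entirely
        candidate = f"{SYSTEM32}\\{name}"
        return candidate if candidate in inventory else None
    for directory in search_order(app_dir.lower(), cwd.lower(), [p.lower() for p in path_dirs]):
        candidate = f"{directory}\\{name}"
        if candidate in inventory:
            return candidate
    return None


def hijack_candidates(app_dir, inventory=INVENTORY):
    """Flag DLLs in `app_dir` that look planted: unsigned DLLs sitting beside a
    signed executable (the SparrowDoor-style pattern), and DLLs that shadow a
    System32 copy and would really be resolved from the application directory."""
    app_dir = app_dir.lower()
    in_dir = {path.rpartition("\\")[2]: signed
              for path, signed in inventory.items()
              if path.rpartition("\\")[0] == app_dir}
    signed_exe_present = any(n.endswith(".exe") and s for n, s in in_dir.items())
    findings = {}
    for fname, signed in in_dir.items():
        if not fname.endswith(".dll"):
            continue
        reasons = []
        if signed_exe_present and not signed:
            reasons.append("unsigned DLL beside signed executable")
        if (f"{SYSTEM32}\\{fname}" in inventory
                and resolve_dll(fname, app_dir, inventory=inventory) == f"{app_dir}\\{fname}"):
            reasons.append("shadows System32 copy")
        if reasons:
            findings[fname] = reasons
    return findings


if __name__ == "__main__":
    app = r"C:\ProgramData\Vendor"
    print("helper.dll resolves to:", resolve_dll("helper.dll", app))
    print("kernel32.dll resolves to:", resolve_dll("kernel32.dll", app))
    for dll, why in hijack_candidates(app).items():
        print(f"{dll}: {', '.join(why)}")
```

The "unsigned DLL beside signed executable" check is the one that matters for loaders of the SparrowDoor type, because the hijacked DLL name is usually one the vendor's executable expects rather than a system DLL, so no System32 copy exists to compare against. In a real hunt the inventory would come from a file listing plus signature verification (for example `Get-AuthenticodeSignature` on Windows) rather than a hard-coded dictionary.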

FamousSparrow also maintains two custom-modified versions of Mimikatz, the open-source post-exploitation tool for extracting Windows credentials that attackers routinely abuse. On initial compromise the group drops one of these together with Nbtscan, a NetBIOS scanner used to enumerate hosts on the local network, and a small utility that dumps the memory of the lsass process to harvest in-memory secrets such as credentials.

ESET's advice follows directly from the group's tradecraft: patch internet-facing applications promptly, since unpatched Exchange, SharePoint and Opera servers are what gives FamousSparrow its foothold.

About the author

CIM Team


CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.