New Variants of SparrowDoor Malware Linked to Chinese Threat Actor FamousSparrow

The China-aligned cyber-espionage group tracked as FamousSparrow has been identified as the actor behind a recent intrusion into a trade organization in the United States and a research institution in Mexico. The operation is notable for two reasons: it deployed two previously undocumented variants of the group's SparrowDoor backdoor, and it also used ShadowPad, a modular backdoor shared among several China-aligned state-sponsored groups.

According to a report by ESET, the intrusion took place in July 2024 and marks the first time FamousSparrow has been observed using ShadowPad. ESET describes the new SparrowDoor variants as a considerable step forward, most notably because they can run commands in parallel. This indicates the group is still actively developing its tooling rather than reusing a static kit.

FamousSparrow was first documented in September 2021, with earlier activity linked to attacks on hotels, government entities, and construction firms. Other vendors have tied FamousSparrow to the clusters tracked as Earth Estries and Salt Typhoon, but ESET continues to treat it as a distinct group. Its hallmark initial-access technique is dropping a web shell on an Internet-facing Microsoft Internet Information Services (IIS) server, which gives the operators remote command execution inside the victim network.

In both July 2024 intrusions the compromised hosts were running outdated versions of Windows Server and Microsoft Exchange Server, leaving them exposed to known, patchable vulnerabilities; this is the likely route by which the web shell was planted. Once the web shell is in place, the operators use it to run commands that stage and launch the SparrowDoor and ShadowPad backdoors. Notably, the latest SparrowDoor variant can execute several commands concurrently, so a long-running task no longer blocks the backdoor from accepting further instructions from its operators.
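The attack chain above hinges on a web shell executing commands from inside the IIS worker process. A practical hunt for that stage is to look for the IIS worker (w3wp.exe) spawning command interpreters or other unexpected executables. The following is an added example written for this page, not ESET's detection logic or anything from the report: it parses a handful of constructed, simplified process-creation records (the `key=value|key=value` layout and field names are an assumption modelled loosely on Sysmon Event ID 1, not a real log export) and flags suspicious parent/child pairs. The hostnames, paths and command lines in the sample are invented for the example.

```python
"""Hunt for an IIS worker process (w3wp.exe) launching command interpreters.

Added example for this page; not code from ESET or from the FamousSparrow
report. Record format, field names and sample data are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Parent processes that host ASP.NET/Exchange web content.
IIS_WORKERS = {"w3wp.exe"}

# Interpreters and LOLBins an IIS worker has no business launching.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe",
    "rundll32.exe", "regsvr32.exe", "certutil.exe", "mshta.exe", "bitsadmin.exe",
}

# Children w3wp.exe legitimately spawns (ASP.NET dynamic compilation, console
# host), kept out of the alert stream to avoid drowning the real signal.
EXPECTED_CHILDREN = {"csc.exe", "cvtres.exe", "conhost.exe"}


@dataclass(frozen=True)
class ProcEvent:
    utc_time: str
    computer: str
    parent_image: str
    image: str
    command_line: str


def image_name(path: str) -> str:
    """Return the lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed 'Key=Value|Key=Value' process-creation record."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return ProcEvent(
        utc_time=fields["UtcTime"],
        computer=fields["Computer"],
        parent_image=fields["ParentImage"],
        image=fields["Image"],
        command_line=fields.get("CommandLine", ""),
    )


def classify(ev: ProcEvent) -> Optional[str]:
    """Return a reason string if the event looks like web-shell activity."""
    parent = image_name(ev.parent_image)
    child = image_name(ev.image)
    if parent not in IIS_WORKERS:
        return None
    if child in SUSPICIOUS_CHILDREN:
        return f"IIS worker {parent} spawned interpreter {child}"
    if child not in EXPECTED_CHILDREN:
        return f"IIS worker {parent} spawned unexpected child {child}"
    return None


def hunt(lines: List[str]) -> List[Tuple[ProcEvent, str]]:
    """Run classify() over raw records and return (event, reason) hits."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            hits.append((ev, reason))
    return hits


# Constructed sample: one benign ASP.NET compile, two interpreter launches
# from w3wp.exe, one cmd.exe from an interactive user session, a console
# host, and an unknown binary started out of a temp directory.
SAMPLE_LOG = r"""
UtcTime=2024-07-02 09:14:21|Computer=EXCH01|ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe|CommandLine=csc.exe /noconfig /fullpaths @C:\Windows\Temp\abc.cmdline
UtcTime=2024-07-02 09:14:25|Computer=EXCH01|ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c whoami
UtcTime=2024-07-02 09:15:02|Computer=WS-ADMIN|ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe
UtcTime=2024-07-02 09:16:40|Computer=EXCH01|ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -nop -w hidden -c C:\Windows\Temp\run.bat
UtcTime=2024-07-02 09:17:11|Computer=EXCH01|ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\System32\conhost.exe|CommandLine=conhost.exe 0xffffffff
UtcTime=2024-07-02 09:18:03|Computer=EXCH01|ParentImage=C:\Windows\System32\inetsrv\w3wp.exe|Image=C:\Windows\Temp\svc.exe|CommandLine=svc.exe
"""

if __name__ == "__main__":
    for ev, reason in hunt(SAMPLE_LOG.splitlines()):
        print(f"{ev.utc_time} {ev.computer}: {reason} :: {ev.command_line}")
```

The two-tier rule matters in practice: alerting on every child of w3wp.exe is noisy because ASP.NET compiles pages through csc.exe, while alerting only on cmd.exe and powershell.exe misses a web shell that drops and runs its own binary, which is why the unknown-child case is reported separately. On real Exchange and IIS hosts the expected-children list should be built from a baseline of that host's own activity before the rule goes live.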

Researchers continue to track FamousSparrow closely, since the new variants show the group is actively developing its malware rather than retiring it. For defenders the practical takeaways follow directly from this case: keep Internet-facing Exchange and IIS servers patched, and monitor IIS worker processes for unexpected child processes, which is where a web shell of this kind first becomes visible.