Researchers have found a new group targeting engineers and government entities worldwide. Reportedly, FamousSparrow, an Advanced Persistent Threat (APT) group, is a new entry to the cyberespionage space.
The APT has been active since 2019 and attacks not only government entities and engineers, but also international organizations, legal companies, and the hospitality sector.
According to reports by ZDNet, the affected regions are located in Europe, the United Kingdom, Israel, Saudi Arabia, Taiwan, Burkina Faso in West Africa, and the Americas, including Brazil, Canada, and Guatemala.
ESET says that even though FamousSparrow is independent and separate from other Advanced Persistent Threat (APT) groups, there have been some incidents showing several overlaps with them. The tools used by the attackers include a command and control (C2) server that is further linked to the DRBControl APT, and a loader called SparklingGoblin that was also used by them.
Another fact about the new APT is that these groups generally target ProxyLogon, a chain of zero-day vulnerabilities used to compromise Microsoft Exchange servers worldwide. This APT, along with 10 other APT groups, was able to exploit ProxyLogon on March 3.
After the exploitation, Microsoft released an emergency security patch and said publicly that it is yet another APT group that had access to the details of the ProxyLogon vulnerability chain in March 2021. (ZDNet)
The researchers said in a report, “This is another reminder that it is critical to patch internet-facing applications quickly, or, if quick patching is not possible, to not expose them to the internet at all.” Furthermore, they added, “The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage.”