
Chinese FamousSparrow hackers deploy upgraded malware in attacks


Jasper_The_Rasper
Moderator

March 27, 2025 By Bill Toulas

 

A China-linked cyberespionage group known as 'FamousSparrow' was observed using a new modular version of its signature backdoor 'SparrowDoor' against a US-based trade organization.

The activity and new malware version were observed by security researchers at ESET, who found evidence the threat actor has been more active than initially thought since its last operations were exposed in 2022.

Apart from the financial organization, other recent attacks ESET uncovered and linked to FamousSparrow include a Mexican research institute and a government institution in Honduras.

In all these cases, initial access was achieved via exploitation of outdated Microsoft Exchange and Windows Server endpoints, infecting them with webshells.

Observed attack chain
Source: ESET

 
