1. Forum
  2. FidoNet Int
  3. politics

  • Hackers target US financi

    From Mike Powell@1:2320/105 to All on Fri Mar 28 10:45:00 2025
    Notorious Chinese hackers FamousSparrow allegedly target US financial firms

    Date:
    Thu, 27 Mar 2025 14:18:00 +0000

    Description:
    The group was though to have retired - but it was just hiding really well.

    FULL STORY

    FamousSparrow, a Chinese state-sponsored threat actor thought to be retired,
    is not only active, but has been targeting government, financial
    organizations, and research institutes, for years now, experts have revealed.

    Cybersecurity researchers at ESET recently stumbled upon a new variant of FamousSparrows malware , leading them down a rabbit hole exposing the group's activities across the globe.

    ESET said that it was brought in by an unnamed trade group in the United States, operating in the financial sector, to assist with a malware
    infection. The investigators found two previously undocumented versions of SparrowDoor, FamousSparrows flagship backdoor.

    SparrowDoor

    ESET said that the group hasnt been heard of since 2022, which made the cybersecurity community think it was inactive.

    However, during that period, FamousSparrow targeted a government institution
    in Honduras, and a research institute in Mexico.

    In fact, the latter was breached just a couple of days prior to the
    compromise in the US (both had happened in July 2024).

    Both of these versions of SparrowDoor constitute marked progress over earlier iterations, especially in terms of code quality and architecture, and one implements parallelization of commands, ESET said.

    While these new versions exhibit significant upgrades, they can still be
    traced back directly to earlier, publicly documented versions. The loaders
    used in these attacks also present substantial code overlaps with samples previously attributed to FamousSparrow, says ESET researcher Alexandre Ct
    Cyr, who made the discovery.

    The investigators said they couldnt determine the initial infection vector,
    but added that the company used outdated versions of Windows Server and Microsoft Exchange, both of which have multiple, publicly available exploits.

    Whichever vulnerability they used, FamousSparrow deployed a webshell on an
    IIS server, gaining access and the ability to deploy additional payloads.

    Besides SparrowDoor, the group used ShadowPad, and other tools capable of running commands, keylogging, exfiltrating files, taking screenshots, and
    more.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-hackers-famoussparrow-allegedly -target-us-financial-firms

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)