Date: 2021-09-25

A new group responsible for cyber-espionage crimes has been discovered by ESET. According to the company, this team has been responsible for several security incidents in hotels and governments since at least 2019.

ESET describes the group, called FamousSparrow, as an advanced persistent threat, meaning the team uses continuous and sophisticated intrusion techniques to gain access to systems and remain in them for a long time. The security company claims that these virtual spies have operated around the world over the past two years, including in France and even Brazil.

According to the ESET report, the criminals use various attack vectors to carry out their spying, such as vulnerabilities in Microsoft SharePoint that allow remote code execution. But the main flaws used by the group are those known as ProxyLogon, found in older versions of Microsoft Exchange.

ProxyLogon is the name given to a set of vulnerabilities in older versions of Microsoft Exchange. These vulnerabilities allow various malicious actors to enter systems and keep spying on them. In more extreme cases, the flaws were also used as a vector for ransomware attacks.

In March of this year, after many reports of these flaws being used in ransomware attacks, Microsoft released updates for Exchange that fixed these vulnerabilities. According to the ESET report, one day after the release of the Microsoft Exchange update, FamousSparrow began targeting systems that were still running previous versions of the software.

In addition to ProxyLogon, the criminal group also uses its own backdoor, called SparrowDoor, which deploys various malware onto the compromised system. This malware makes it possible for the criminals to rename and delete files, create folders, disable processes, send information such as the size and attributes of documents, log information into specific files, and establish remote command access on victims' machines. Finally, SparrowDoor also has a self-destruct function, which erases all traces of the intrusion.

Connection to other persistent threats

The ESET report also notes that researchers have found possible connections between FamousSparrow and other criminal groups considered advanced persistent threats.

However, even with these indications, the cybersecurity company considers FamousSparrow a separate group from the others. According to the researchers, the members of this criminal team at some point gained access to hotel systems and began to spy and, after a while, moved on to more important targets, such as governments.

Finally, ESET stresses the importance of keeping all computer and network software and systems up to date, to guard against threats such as the FamousSparrow group.

More details about FamousSparrow can be found in the ESET article on the criminals.

