📰 Chinese APT FamousSparrow Hits Azerbaijan Energy Sector with Deed RAT

🇨🇳 Chinese APT FamousSparrow targets Azerbaijan's energy sector. Campaign used Exchange exploits to deploy an updated Deed RAT for cyber-espionage, signaling new geopolitical targeting. 🇦🇿 #APT #China #CyberSecurity #EnergySector #FamousSparrow

🌐 cyber[.]netsecops[.]io

🔗 https://cyber.netsecops.io/articles/chinese-apt-famoussparrow-targets-azerbaijan-energy-sector-with-deed-rat/?utm_source=m…

FamousSparrow in the Caucasus: three waves of Chinese espionage hit the Azerbaijani gas that fuels Europe

The Chinese APT group FamousSparrow conducted a cyber-espionage operation in three successive phases against an Azerbaijani oil and gas company, repeatedly exploiting the same Microsoft Exchange vulnerability. A case that sheds light on Beijing's strategy for control over European energy infrastructure.

https://insicurezzadigitale.com/famoussparrow-nel-caucaso-tre-ondate-di-spionaggio-cinese-colpiscono-il-gas-azero-che-alimenta-leuropa/

📢⚠️ China-linked #FamousSparrow hacking group targeted an oil and gas firm in #Azerbaijan using the ProxyNotShell exploit chain alongside Deed RAT and Terndoor malware across three persistent attack waves.

Read: https://hackread.com/famoussparrow-oil-gas-ms-exchange-server-exploit/

#CyberSecurity #China #MSExchange #Malware #CyberAttack

FamousSparrow Targeted Oil and Gas Industry via MS Exchange Server Exploit

China-linked FamousSparrow exploited an unpatched Microsoft Exchange server to target Azerbaijan’s oil and gas firm in a multi-wave cyberattack.

Hackread - Cybersecurity News, Data Breaches, AI and More

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions.

Security Affairs

China-linked hackers exploit Microsoft Exchange in Azerbaijani energy firm attacks.

A group of China-linked hackers, known as FamousSparrow, launched a sustained cyberattack on an Azerbaijani oil and gas company, exploiting Microsoft Exchange vulnerabilities in a multi-wave intrusion that spanned three months. The attackers used the ProxyNotShell exploit to gain and maintain access to…

https://osintsights.com/china-linked-hackers-exploit-microsoft-exchange-in-azerbaijani-energy-firm-attac?utm_source=mastodon&utm_medium=social

#ChinalinkedHackers #MicrosoftExchange #Proxynotshell #Famoussparrow #EarthEstries

China-linked hackers exploit Microsoft Exchange in Azerbaijani energy firm attacks.

Learn how China-linked hackers exploited Microsoft Exchange in Azerbaijani energy firm attacks using ProxyNotShell, and take steps to protect your organization now.

OSINTSights
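The posts above name ProxyNotShell (CVE-2022-41040 SSRF chained with CVE-2022-41082) as the Exchange entry point that was reused across the waves. The exploit requests leave a recognisable trace in the IIS W3C logs of the front end: an Autodiscover JSON request whose URL carries an `@` host override and reaches the PowerShell backend. The block below is an added example, not code from any of the linked articles: it parses IIS W3C log lines by their `#Fields:` header and applies the regex Microsoft published as its URL Rewrite mitigation for CVE-2022-41040. The log lines are constructed for the example; the hosts and addresses in them are documentation ranges, not indicators from the campaign.

```python
import re
from collections import Counter

# Pattern Microsoft shipped as the URL Rewrite mitigation for CVE-2022-41040
# (the ProxyNotShell SSRF). A later, broader revision of that mitigation used
# the lookahead form (?=.*autodiscover)(?=.*powershell); swap it in if you
# would rather trade false positives for coverage.
PROXYNOTSHELL_RE = re.compile(r"autodiscover\.json.*@.*powershell", re.IGNORECASE)

# Constructed IIS W3C log excerpt (not from the incident). IIS writes the URL
# as separate cs-uri-stem and cs-uri-query fields, so the detector re-joins them.
SAMPLE_IIS_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2024-01-05 09:12:01 10.0.0.5 GET /owa/auth/logon.aspx url=https://mail.example.test/owa/ 443 - 198.51.100.7 Mozilla/5.0 200
2024-01-05 09:12:17 10.0.0.5 POST /autodiscover/autodiscover.json @evil.test/powershell?Email=autodiscover/autodiscover.json%3F@evil.test 443 - 203.0.113.9 Mozilla/5.0 200
2024-01-05 09:12:18 10.0.0.5 POST /autodiscover/autodiscover.json @evil.test/PowerShell?&Email=autodiscover/autodiscover.json%3F@evil.test 443 - 203.0.113.9 python-requests/2.28 401
2024-01-05 09:13:40 10.0.0.5 POST /autodiscover/autodiscover.xml - 443 svc_user 10.0.0.21 Microsoft-Outlook 200
2024-01-05 09:14:02 10.0.0.5 GET /powershell - 443 admin@example.test 10.0.0.22 Microsoft.Exchange.PowerShell 200
"""


def parse_iis_w3c(log_text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign fields
        yield dict(zip(fields, parts))


def find_proxynotshell(log_text):
    """Return the requests whose re-joined URL matches the ProxyNotShell pattern."""
    hits = []
    for rec in parse_iis_w3c(log_text):
        uri = rec.get("cs-uri-stem", "") + "?" + rec.get("cs-uri-query", "")
        if PROXYNOTSHELL_RE.search(uri):
            hits.append({
                "c_ip": rec.get("c-ip"),
                "status": rec.get("sc-status"),   # 200 on the exploit URL: the SSRF reached the backend
                "ua": rec.get("cs(User-Agent)"),
                "uri": uri,
            })
    return hits


def by_source(hits):
    """Count matching requests per client address, to see who was hammering the endpoint."""
    return Counter(h["c_ip"] for h in hits)


if __name__ == "__main__":
    found = find_proxynotshell(SAMPLE_IIS_LOG)
    for h in found:
        print(h["c_ip"], h["status"], h["ua"], h["uri"])
    print(by_source(found))
```

Run it against the real `u_ex*.log` files under `inetpub\logs\LogFiles\W3SVC1\` on the Exchange front end; the legitimate Outlook Autodiscover traffic on line four and the authenticated `/powershell` session on line five do not match, while the two `@evil.test` requests do. Note that the second exploit request returned 401 and still matters: an attempt that reached the backend is evidence of targeting even when authentication stopped it.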

FamousSparrow / SparrowDoor static analysis.
Legacy variant (2019-2022), SHA256: 8dfaa1f579...

4 findings not present in public vendor reporting
at time of analysis (ESET, UK NCSC, Trend Micro, Microsoft)

→ Inverted anti-sandbox logic
→ Three-table substitution system
→ .text section entropy anomaly
→ 113 indirect call sites in 26KB binary

Thread: [PHIM] findings only.
Full report: https://github.com/seraphimdeck/SerapHim-CTI

#FamousSparrow #SaltTyphoon #MalwareAnalysis #CTI

GitHub - seraphimdeck/SerapHim-CTI: A collection of independent CTI reports covering active threat campaigns and attacker TTPs.

A collection of independent CTI reports covering active threat campaigns and attacker TTPs. - seraphimdeck/SerapHim-CTI

GitHub
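Two of the four findings in the thread above, the .text section entropy anomaly and the count of indirect call sites, are measurements that anyone with the sample can reproduce. The block below is an added example, not code from the SerapHim-CTI report or any vendor write-up: it walks the PE section table with the standard library only, computes the Shannon entropy of `.text`, and counts `FF /2` (CALL r/m32) encodings with a byte-pattern scan. Because no real sample is on this page, it also builds two constructed PE32 images, one with ordinary-looking code and one whose `.text` is filled with pseudo-random bytes standing in for an encrypted code section. The 7.2 bits/byte threshold for "packed or encrypted" is an assumed rule of thumb, and the call count is a heuristic rather than a disassembly.

```python
import hashlib
import math
import struct
from collections import Counter

SEC_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HDR = "<HHIIIHH"      # IMAGE_FILE_HEADER, 20 bytes
TEXT_CHARS = 0x60000020    # CODE | MEM_EXECUTE | MEM_READ
DATA_CHARS = 0xC0000040    # INITIALIZED_DATA | MEM_READ | MEM_WRITE


def shannon_entropy(data):
    """Bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob):
    """DOS header -> PE signature -> COFF header -> section table; returns [(name, bytes, characteristics)]."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _psym, _nsym, opt_size, _flags = struct.unpack_from(COFF_HDR, blob, coff)
    table = coff + 20 + opt_size
    out = []
    for i in range(nsec):
        name, vsize, _va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(SEC_HDR, blob, table + 40 * i)
        size = min(raw_size, vsize) if vsize else raw_size   # drop file-alignment padding from the measurement
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), blob[raw_ptr:raw_ptr + size], chars))
    return out


def count_indirect_calls(code):
    """Linear scan for the FF /2 encoding (CALL r/m32: FF 15 disp32, FF D0..D7, FF 55 xx, ...).
    Byte-pattern heuristic, not disassembly: embedded data that happens to look like FF xx inflates it."""
    return sum(1 for i in range(len(code) - 1) if code[i] == 0xFF and (code[i + 1] >> 3) & 7 == 2)


def analyze_text(blob, packed_threshold=7.2):
    """Entropy and indirect-call count of .text; threshold is an assumed rule of thumb for packed/encrypted code."""
    for name, data, _chars in pe_sections(blob):
        if name == ".text":
            ent = shannon_entropy(data)
            return {"size": len(data), "entropy": round(ent, 3),
                    "verdict": "high: packed/encrypted?" if ent > packed_threshold else "plain",
                    "indirect_calls": count_indirect_calls(data)}
    raise ValueError("no .text section")


# --- constructed test images (not real samples) ---------------------------------
def build_pe(sections, file_align=0x200, sect_align=0x1000):
    """Assemble a minimal PE32 file from [(name, bytes, characteristics)]; enough for the parser above."""
    up = lambda x, a: (x + a - 1) // a * a
    opt_size = 0xE0
    hdr_len = up(0x40 + 4 + 20 + opt_size + 40 * len(sections), file_align)
    raw_ptr, va, table, body = hdr_len, sect_align, b"", b""
    for name, data, chars in sections:
        raw_size = up(len(data), file_align)
        table += struct.pack(SEC_HDR, name.encode().ljust(8, b"\0"), len(data), va, raw_size, raw_ptr, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += up(len(data), sect_align)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_len, b"\0") + body


def pseudo_random(n, seed=b"constructed"):
    """Deterministic high-entropy bytes (SHA-256 chain) standing in for an encrypted code section."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


# Ordinary-looking x86 code: prologue, IAT call (FF 15), register call (FF D0), epilogue; INT3 padding.
PLAIN_CODE = (b"\x55\x8b\xec\x83\xec\x10" b"\xff\x15\x00\x20\x40\x00"
              b"\x8b\x45\x08\x50" b"\xff\xd0" b"\x8b\xe5\x5d\xc3") * 186 + b"\xcc" * 4
PLAIN_PE = build_pe([(".text", PLAIN_CODE, TEXT_CHARS), (".data", b"\0" * 64, DATA_CHARS)])
PACKED_PE = build_pe([(".text", pseudo_random(4096), TEXT_CHARS), (".data", b"\0" * 64, DATA_CHARS)])

if __name__ == "__main__":
    for label, pe in (("plain", PLAIN_PE), ("packed", PACKED_PE)):
        print(label, analyze_text(pe))
```

On a real file, `analyze_text(open(path, "rb").read())` gives the same dictionary. The constructed plain image contains 186 copies of a 22-byte routine with two indirect calls each, so the scan reports 372; the pseudo-random image lands near 8 bits/byte and trips the threshold. When you reproduce the thread's count on an actual sample, cross-check the scan against a disassembler, since the heuristic cannot tell an `FF 15` inside a string table from one in code.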

Massive cyberattack on US providers: first intrusion already a year earlier

In 2024, attackers presumed to be Chinese pulled off a massive attack on US providers. But a piece of malware had apparently been installed considerably earlier.

heise online

Happy Monday everyone!

Just got done reading an incredible article from ESET researchers describing an APT group that was long thought to be inactive as alive and well! #FamousSparrow is a China-aligned APT group that has had no publicly documented activity since 2022 and was found using two previously undocumented versions of their backdoor, SparrowDoor. They used a mix of publicly available and custom tools for their attack, ultimately leading to the deployment of SparrowDoor and ShadowPad (a privately sold backdoor). This report gets more and more interesting as you go, so please go take the time to read it! Enjoy and Happy Hunting!

You will always remember this as the day you finally caught FamousSparrow
https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/

Intel 471 Cyborg Security, Now Part of Intel 471 #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday

You will always remember this as the day you finally caught FamousSparrow

ESET researchers uncover the toolset used by the FamousSparrow APT group, including two undocumented versions of the group’s signature backdoor, SparrowDoor.

China-linked APT group #FamousSparrow (aka Salt Typhoon) has resurfaced, targeting the US and LATAM orgs with an upgraded version of #SparrowDoor malware.

Read: https://hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/

#CyberSecurity #CyberAttack #SaltTyphoon #China #LATAM

China’s FamousSparrow APT Hits Americas with SparrowDoor Malware

Hackread - Latest Cybersecurity, Tech, AI, Crypto & Hacking News

Famous Sparrow APT Group: Enhanced Cyber Arsenal and Global Threats

Explore the enhanced cyber arsenal of the Famous Sparrow APT group and their global threat impact.

The DefendOps Diaries