Hackread.comChina-linked APT group #FamousSparrow (aka Salt Typhoon) has resurfaced, targeting the US and LATAM orgs with an upgraded version of #SparrowDoor malware.
Read: https://hackread.com/china-famoussparrow-apt-americas-sparrowdoor-malware/
ESET ResearchIn July 2024, #ESETresearch discovered that the China-aligned #FamousSparrow APT group, thought at the time to have been inactive since 2022, compromised the network of a US trade group and a Mexican research institute. https://www.welivesecurity.com/en/eset-research/you-will-always-remember-this-as-the-day-you-finally-caught-famoussparrow/
While helping the 🇺🇸 company remediate the compromise, we discovered FamousSparrow’s toolset hidden within the network. It included two previously undocumented versions of the group’s flagship backdoor, #SparrowDoor, one of them modular.
Both of these versions are a significant improvement over the older ones, especially in terms of code quality and architecture, implementing parallelization of time-consuming commands.
This campaign is also the first documented time that FamousSparrow used #ShadowPad, a privately sold modular backdoor known to only be supplied to threat actors affiliated with China.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/famoussparrow
While helping the 🇺🇸 company remediate the compromise, we discovered FamousSparrow’s toolset hidden within the network. It included two previously undocumented versions of the group’s flagship backdoor, #SparrowDoor, one of them modular.
Both of these versions are a significant improvement over the older ones, especially in terms of code quality and architecture, implementing parallelization of time-consuming commands.
This campaign is also the first documented time that FamousSparrow used #ShadowPad, a privately sold modular backdoor known to only be supplied to threat actors affiliated with China.
IoCs available in our GitHub repo: https://github.com/eset/malware-ioc/tree/master/famoussparrow
