Cryptolaemus cybersecurity experts: The malware distribution process is the same as the one used to distribute BazarLoader.
ESET: here comes FamousSparrow, a new cyber espionage group. It targets hotels, governments, and private companies worldwide, exploiting RCE vulnerabilities and deploying custom malware
FamousSparrow is a new cyber espionage group targeting hotels, governments, and private companies worldwide. It was discovered by ESET cybersecurity experts, who believe it has been active since at least 2019. According to the researchers, the threat actors exploited known remote code execution vulnerabilities in Microsoft Exchange (including ProxyLogon in March 2021), Microsoft SharePoint and Oracle Opera (business software for hotel management), using them to drop various malicious samples. Once a server is compromised, the attackers deploy several custom tools:
- A Mimikatz variant;
- A small utility that drops ProcDump on disk and uses it to dump the lsass process, probably in order to gather in-memory secrets, such as credentials;
- Nbtscan, a NetBIOS scanner;
- A loader for the SparrowDoor backdoor.
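The tool list above describes behaviour that leaves distinctive traces in endpoint telemetry: ProcDump (possibly renamed on disk) reading lsass, Mimikatz-style access to lsass memory, and a NetBIOS scanner being launched. The following detector is an added example, not code from ESET or from the report; it runs three simple rules over constructed Sysmon-style process-creation (Event ID 1) and process-access (Event ID 10) records. The flat "Key=Value; Key=Value" log layout, the sample lines, the file paths and the AV allowlist entry are all made up for the example; the field names follow Sysmon's naming.

```python
from __future__ import annotations

from dataclasses import dataclass

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Hypothetical allowlist of images legitimately allowed to read lsass (AV/EDR agents).
LSASS_ACCESS_ALLOWLIST = {r"c:\program files\av\avscan.exe"}

# Constructed sample events in a flat "Key=Value; Key=Value" layout using Sysmon field names.
SAMPLE_LOG = r"""
EventID=1; Image=C:\Windows\System32\svchost.exe; OriginalFileName=svchost.exe; CommandLine=svchost.exe -k netsvcs
EventID=1; Image=C:\Windows\Temp\pd.exe; OriginalFileName=procdump; CommandLine=pd.exe lsass.exe C:\Windows\Temp\l.dmp
EventID=10; SourceImage=C:\Windows\Temp\pd.exe; TargetImage=C:\Windows\System32\lsass.exe; GrantedAccess=0x1FFFFF
EventID=10; SourceImage=C:\Program Files\AV\avscan.exe; TargetImage=C:\Windows\System32\lsass.exe; GrantedAccess=0x1400
EventID=1; Image=C:\Users\Public\nbtscan.exe; OriginalFileName=nbtscan.exe; CommandLine=nbtscan.exe 10.0.0.0/24
EventID=1; Image=C:\Windows\System32\notepad.exe; OriginalFileName=NOTEPAD.EXE; CommandLine=notepad.exe
"""


@dataclass
class Alert:
    rule: str
    detail: str


def parse_event(line: str) -> dict[str, str]:
    """Split 'Key=Value; Key=Value' into a dict (values keep their spaces and backslashes)."""
    fields: dict[str, str] = {}
    for part in line.split("; "):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def check_event(ev: dict[str, str]) -> list[Alert]:
    """Apply the three behavioural rules to one parsed event."""
    alerts: list[Alert] = []
    if ev.get("EventID") == "1":  # process creation
        image = ev.get("Image", "").lower()
        orig = ev.get("OriginalFileName", "").lower()
        cmd = ev.get("CommandLine", "").lower()
        # Match ProcDump by its PE OriginalFileName rather than the on-disk name,
        # because the dropper may write it under an arbitrary filename.
        if "procdump" in orig and "lsass" in cmd:
            alerts.append(Alert("procdump_lsass_dump", ev.get("CommandLine", "")))
        if orig.startswith("nbtscan") or image.endswith("\\nbtscan.exe"):
            alerts.append(Alert("netbios_scanner", ev.get("CommandLine", "")))
    elif ev.get("EventID") == "10":  # process access
        source = ev.get("SourceImage", "").lower()
        target = ev.get("TargetImage", "").lower()
        granted = int(ev.get("GrantedAccess", "0"), 16)
        # A non-allowlisted process obtaining VM_READ on lsass is what both
        # Mimikatz-style credential theft and a ProcDump dump look like at OS level.
        if (target.endswith("\\lsass.exe") and granted & PROCESS_VM_READ
                and source not in LSASS_ACCESS_ALLOWLIST):
            alerts.append(Alert("lsass_memory_access", f"{source} -> lsass ({hex(granted)})"))
    return alerts


def scan_log(text: str) -> list[Alert]:
    """Run every rule over every non-empty line of the log and collect the alerts."""
    alerts: list[Alert] = []
    for line in text.strip().splitlines():
        if line.strip():
            alerts.extend(check_event(parse_event(line)))
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"[{a.rule}] {a.detail}")
```

On the sample log the detector raises three alerts (the renamed ProcDump launch, its memory access to lsass, and the nbtscan execution) and stays silent on svchost, notepad and the allowlisted AV process, whose 0x1400 access mask does not include VM_READ. Keying the ProcDump rule on PE metadata rather than the filename matters here because the report describes a utility that drops ProcDump on disk itself, so the on-disk name cannot be relied on.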