Espionage group targeted hotels, governments, seized on Microsoft Exchange vulnerability

A cyber-espionage group that’s targeted hotels and international governments since at least 2019 at times used a known Microsoft vulnerability to their victims, according to research published Thursday by ESET, a Slovakian security vendor.

ESET dubbed the group FamousSparrow in a blog post published Wednesday, and labeled it an “advanced persistent threat,” a term often used to describe nation-state groups or those of equivalent sophistication. More than 10 other APT groups have used a vulnerability in Microsoft Exchange servers, by ESET’s count, a flaw that was also the focus of suspected Chinese hackers and scammers who sought to mine , among others.

ESET did not identify the hotel organizations or the governments in question.

The FamousSparrow group started to exploit the Microsoft on March 3, 2021, after a software fix became available, according to the blog post. The group went after targets in Brazil, Burkina Faso, Canada, , Guatemala, Israel, Lithuania, Saudi Arabia, South Africa, Taiwan, Thailand and the United Kingdom.

The Microsoft Exchange attack path, which involves technology known as ProxyLogon, has had a long shelf life for after the initial splurge. Microsoft published numerous software updates this year, urging organizations to patch the flaws before

Read More: https://www.cyberscoop.com/famoussparrow-eset-microsoft-exchange-proxylogon/