A cyber-espionage group that’s targeted hotels and international governments since at least 2019 at times used a known Microsoft vulnerability to breach its victims, according to research published Thursday by ESET, a Slovakian security vendor.
ESET dubbed the group FamousSparrow in a blog post published Wednesday, and labeled it an “advanced persistent threat,” a term often used to describe nation-state groups or those of equivalent sophistication. More than 10 other APT groups have used a remote code execution vulnerability in Microsoft Exchange servers, by ESET’s count, a flaw that was also the focus of suspected Chinese hackers and scammers who sought to mine cryptocurrency, among others.
ESET did not identify the hotel organizations or the governments in question.
The FamousSparrow group started to exploit the Microsoft vulnerabilities on March 3, 2021, after a software fix became available, according to the blog post. The group went after targets in Brazil, Burkina Faso, Canada, France, Guatemala, Israel, Lithuania, Saudi Arabia, South Africa, Taiwan, Thailand and the United Kingdom.
The Microsoft Exchange attack path, which involves a set of vulnerabilities known as ProxyLogon, has had a long shelf life for hackers after the initial splurge. Microsoft published numerous software updates this year, urging organizations to patch the flaws before