Threat Post -
A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe.
A cyberespionage group dubbed “FamousSparrow” by researchers has taken flight, targeting hotels, governments and private organizations around the world with a custom backdoor called, appropriately, “SparrowDoor.” It’s one of the advanced persistent threats (APTs) that targeted the ProxyLogon vulnerabilities earlier this year, according to ESET, though its activity has only recently come to light.
According to the firm, the backdoor’s malicious actions include the ability to: rename or delete files; create directories; shut down processes; send information such as file attributes, file size and file write time; exfiltrate the content of a specified file; write data to a specified file; or establish an interactive reverse shell. There’s also a kill switch to remove persistence settings and all SparrowDoor files from the victim machines.
“The targeting, which includes governments worldwide, suggests that FamousSparrow’s intent is espionage,” researchers noted.
ProxyLogon Exploits and More
The ProxyLogon remote code execution (RCE) bug was disclosed in March, and was used by more than 10 APT groups to establish access via shellcode to Exchange mail servers worldwide in a flurry of attacks. According