216.73.217.139

You will always remember this as the day you finally caught FamousSparrow

· Published 26/03/2025 20:15 · Modified 26/03/2025 20:51

Export JSON

Essential information

Published
26/03/2025 20:15
Modified
26/03/2025 20:51
Tags
2025-03-26 hemigate modular malware shadowpad sparrowdoor
Related entities
12 observables, 1 intrusion sets (apt), 21 techniques (mitre), 3 malware, 5 others

Description

ESET researchers uncovered new activity by the FamousSparrow APT group, including two undocumented versions of their backdoor. The group compromised a US financial sector trade group and a Mexican research institute in July 2024. The new versions show significant improvements in code quality and architecture, implementing command parallelization. FamousSparrow also used the backdoor for the first time. The analysis revealed links between FamousSparrow and other China-aligned threat actors like Earth Estries. The group's continued development of tools during a period of apparent inactivity suggests they remained active but undetected from 2022 to 2024.

External references