# Not the Tweet We Want to Hear: FamousSparrow Are Back
In a concerning turn of events, cybersecurity researchers at ESET have discovered a new variant of the malware used by the notorious threat group FamousSparrow. The finding has sent shockwaves through the tech community, as it reveals that the group has been active for years, despite being thought to have gone dormant in 2022.
The discovery was made by ESET researchers, who uncovered additional activity by the group during the 2022-2024 period, including a targeted attack on a governmental institution in Honduras. The most recent attack, however, focused on disrupting a U.S.-based trade group, highlighting the continued threat posed by this malicious entity.
FamousSparrow was first documented by ESET in September 2021, in connection with a series of cyberattacks. Since then, the group's activities have been monitored closely by cybersecurity experts. However, their recent resurgence has raised concerns about the potential danger of their improved backdoor tools.
According to Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, FamousSparrow should be taken seriously due to its unique use of the SparrowDoor backdoor. "FamousSparrow has been associated with Salt Typhoon, another prominent Chinese threat actor," Costis explains. "The two share similar infrastructure, which is not uncommon among APT groups. However, FamousSparrow should be treated as a distinct threat group based on its use of the SparrowDoor backdoor, which they have upgraded significantly since its last deployment years prior."
Costis also raises questions about why FamousSparrow remained undetected for so long. "It is concerning how FamousSparrow could remain undetected for years while remaining active and improving its patented backdoor tool," he notes. This suggests that the group has been using sophisticated tactics to evade detection, making them a formidable foe.
The recent attack on the U.S.-based trade group highlights the challenges organizations face in maintaining their cybersecurity posture. Costis warns that FamousSparrow's use of ProxyLogon just one day after Microsoft disclosed the vulnerability's existence underscores the importance of timely patch management.
So, what can businesses do to protect themselves against FamousSparrow? According to Costis, adopting a threat-informed defense posture and testing real-world observed adversary behaviors is key. "Organizations need to be proactive," he advises. "Prompt patch management, particularly for internet-facing applications, is also crucial in reducing the chances of an attack."
In light of this recent threat, it is essential that businesses take action to protect themselves against FamousSparrow's malware. By adopting a proactive approach and staying vigilant, organizations can reduce the risk of falling victim to this sophisticated threat.
---
### Timeline of FamousSparrow's Activity:
* 2021: ESET documents FamousSparrow for the first time, linking it to a series of cyberattacks.
* 2022: FamousSparrow is thought to have gone dormant, but recent research suggests that the group has been active in secret.
* 2022-2024: Additional activity by FamousSparrow is uncovered, including a targeted attack on a governmental institution in Honduras.
* Recent attack: FamousSparrow targets a U.S.-based trade group, highlighting the continued threat posed by this malicious entity.
### Expert Insights:
* Andrew Costis, Engineering Manager of the Adversary Research Team at AttackIQ, provides expert analysis on FamousSparrow's tactics and threats.