CyberSecurity SEE

Salt Typhoon potentially improved backdoors for increased effectiveness and stealth

Researchers have uncovered a sophisticated cyber espionage campaign that targeted multiple organizations in different countries, including the United States, Mexico, and Honduras. The campaign was carried out by a threat actor known as FamousSparrow, who was found to have used a privately sold backdoor called ShadowPad, typically associated with China-aligned threat actors.

Researchers discovered the campaign while assisting an affected entity in remediating a compromise in its network. This led to the revelation of a series of attacks conducted by FamousSparrow, including the breach of a research institute in Mexico and an attack on a government institute in Honduras. ESET, the cybersecurity company leading the investigation, has identified these activities as part of the same campaign.

Although ESET attributes the July campaign to FamousSparrow with high confidence, it is hesitant to connect FamousSparrow to the group Microsoft tracks as Salt Typhoon. While there are some similarities between the two threat actors, there are also significant differences that suggest FamousSparrow is a distinct cluster with only loose links to Salt Typhoon. Microsoft, on the other hand, has publicly stated that Salt Typhoon is the same group as FamousSparrow and another threat actor called GhostEmperor. However, Microsoft has not linked the activities uncovered by ESET researchers to these threat actors.

The use of ShadowPad in this campaign is particularly concerning, as this backdoor is not widely available and is typically only used by Chinese threat actors. The fact that FamousSparrow had access to this tool suggests a level of sophistication and expertise that is usually associated with state-sponsored cyber operations.

ESET continues to investigate the full scope of the campaign and is working to identify any additional victims or activities carried out by FamousSparrow. The cybersecurity firm is urging organizations to remain vigilant and take steps to enhance their security posture in light of this new threat.

Overall, the discovery of this cyber espionage campaign serves as a stark reminder of the constant and evolving threat posed by malicious actors in the digital realm. As technology advances, so too do the tactics and tools used by cybercriminals, underscoring the need for robust cybersecurity measures and ongoing vigilance to protect sensitive data and networks from sophisticated attacks.
