
The FamousSparrow hacking group, thought to be inactive since 2022, has re-emerged, targeting organizations in the U.S., Mexico, and Honduras, according to ESET researchers.
While investigating a cyberattack on a U.S. trade group, ESET discovered upgraded versions of FamousSparrow’s SparrowDoor backdoor malware. Despite the modifications, the new versions were traced back to earlier versions of the backdoor.
Active since 2019, FamousSparrow has targeted hotels, governments, and international organizations across multiple countries. Recent attacks exploited outdated Windows Server and Microsoft Exchange vulnerabilities.
Using custom malware and Chinese cyber tools like ShadowPad, the group can steal data, monitor activity, and execute commands remotely.
FamousSparrow was also one of the first groups to exploit Microsoft Exchange’s ProxyLogon flaw in 2021. With its reappearance and enhanced tools, it remains a serious cyber threat.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543