Jump to content
  • A new APT is targeting hotels across the world

    aum

    • 429 views
    • 3 minutes
     Share


    • 429 views
    • 3 minutes

    A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world.

     

    Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019.

     

    “FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil, Canada, Guatemala), Asia (Taiwan), and Africa (Burkina Faso),” the company said in a report shared with The Record.

     

    Besides hotels, other attacks also hit governments, international organizations, engineering companies, and law firms.

     

    “The targeting suggests that FamousSparrow’s intent is cyberespionage,” ESET researchers said today.

     

    Entering via unpatched web applications


    Most of the attacks followed the same pattern, with the group using vulnerabilities in web applications as entry points into its victims’ networks. According to ESET, past attacks exploited security flaws in:

     

    • Microsoft Exchange
    • Microsoft SharePoint
    • Oracle Opera (business software for hotel management)


    Particularly interesting was also the fact that FamouseSparrow was one of the first APTs to mount attacks using the ProxyLogon vulnerability in Microsoft Exchange email servers.

     

    ESET said the group weaponized ProxyLogon just one day after Microsoft disclosed the vulnerability’s existence, with the first attacks recorded on March 3, 2021/

     

    Once FamousSparrow had a foothold inside a target network, ESET researchers said the attackers deployed a custom backdoor named SparrowDoor, which they used as a pivot point to orchestrate ways to move laterally inside a hacked organization using public tools like Mimikatz and Metasploit.

     

    But while ESET noted that the FamousSparrow group used tools previously linked to espionage operations carried out by other groups such as DRDControl [PDF] and SparklingGoblin, researchers also said they aren’t ready just yet to attribute the group to any particular state.

     

    Hotels are often targeted for intelligence gathering


    The group now joins the ranks of other APTs that have historically targeted hotels, such as the infamous DarkHotel, APT28, and the Rana Group, which didn’t target hotels directly but hotel room booking systems.

     

    The purpose of attacking and compromising hotels is simple, as it allows cyber-espionage groups to track the movement of persons of interest.

    For the same reason, APTs often also target telcos and airline companies, seeking to gain insight, intercept targets, or track the movements of their targets.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...