[TheRecord] A new APT is targeting hotels across the world

A new advanced persistent threat (APT), a term used to describe state-sponsored cyber-espionage groups, has been spotted mounting attacks against hotels across the world.

Codenamed FamousSparrow, this new APT was discovered by Slovak security firm ESET, which said it’s been tracking its attacks as far back as 2019.

“FamousSparrow’s victims are located in Europe (France, Lithuania, the UK), the Middle East (Israel, Saudi Arabia), the Americas (Brazil, Canada, Guatemala), Asia (Taiwan), and Africa (Burkina Faso),” the company said in a report shared with The Record.

Besides hotels, other attacks also hit governments, international organizations, engineering companies, and law firms.

“The targeting suggests that FamousSparrow’s intent is cyberespionage,” ESET researchers said today.

Entering via unpatched web applications

Most of the attacks followed the same pattern, with the group using vulnerabilities in web applications as entry points into its victims’ networks. According to ESET, past attacks exploited security flaws in:

- Microsoft Exchange
- Microsoft SharePoint
- Oracle Opera (business software for hotel management)

Particularly notable is that FamousSparrow was one of the first APTs to mount attacks using the ProxyLogon vulnerability in Microsoft Exchange email servers.

ESET said the group weaponized ProxyLogon just one day after Microsoft disclosed the vulnerability’s existence, with the first attacks recorded on March 3, 2021.

Once FamousSparrow had a foothold inside a target network, ESET researchers said the attackers deployed a custom backdoor named SparrowDoor, which they used as a pivot point to orchestrate ways to move laterally inside a hacked organization using public tools like Mimikatz and Metasploit.

But while ESET noted that the FamousSparrow group used tools previously linked to espionage operations carried out by other groups such as DRBControl and SparklingGoblin, researchers also said they aren’t ready just yet to attribute the group to any particular state.

Hotels are often targeted for intelligence gathering

The group now joins the ranks of other APTs that have historically targeted hotels, such as the infamous DarkHotel, APT28, and the Rana Group, which didn’t target hotels directly but hotel room booking systems.

The purpose of attacking and compromising hotels is simple: it allows cyber-espionage groups to track the movement of persons of interest.

For the same reason, APTs often also target telcos and airline companies, seeking to gain insight, intercept targets, or track the movements of their targets.

The post A new APT is targeting hotels across the world appeared first on The Record by Recorded Future.
