You will always remember this as the day you finally caught FamousSparrow
Author: Centre for Cybersecurity Belgium
Uploaded: 2025-10-25
Views: 54
Description:
In mid-2024, ESET Research discovered an ongoing compromise at an organization in the United States that operates in the financial sector. The threat actor behind this attack is FamousSparrow, a cyberespionage group active since at least 2019, known for targeting governments and hotels around the world, and that ESET believes is aligned with China’s interests. The group has flown under the radar since 2022, but is now back with an updated arsenal, including a previously undocumented modular version of SparrowDoor. This presentation will show a more complete picture of the group’s TTPs through collaboration with the targeted organization and EDR data. Robert documents this, along with the most interesting tools that were used. He also provides insight into how FamousSparrow operates inside the network after gaining initial access, and how defenders can use this knowledge to detect and prevent such malicious activity.
Webinar talk from QCTR 2025/Q3 by Robert Lipovsky, Principal Threat Intelligence Researcher at ESET. Recorded on Thursday, 16 October 2025.
==============================
Timecodes
==============================
00:00 - Introduction
00:42 - Let's talk about FamousSparrow
01:15 - Salt Typhoon and FamousSparrow
02:35 - Tracking FamousSparrow targets worldwide
04:19 - Intrusion in a US financial organisation
11:56 - SparrowDoor backdoor
17:37 - Wrapping up
18:08 - Are Salt Typhoon and FamousSparrow the same?
24:34 - Q&A: The most surprising aspect of the campaign
25:55 - Q&A: Where will SparrowDoor evolve next?
==============================
Stay informed
==============================
If you liked this video, like and subscribe to our channel! / @cybersecuritybelgium
The CCB organizes events regularly. You can subscribe to our events via https://events.zoom.us/eo/AhgwS4H5MFg...
To stay informed about upcoming events, follow us on social media.
LinkedIn: https://www.linkedin.com/company/cent...
Twitter: https://x.com/CCBbelgium
Bluesky: https://bsky.app/profile/ccbbelgium.b...