China’s FamousSparrow flies back into action, breaches US org after years off the radar

The China-aligned FamousSparrow crew has resurfaced after a long period of presumed inactivity, compromising a US financial-sector trade group and a Mexican research institute. The gang also likely targeted a governmental institution in Honduras, along with other yet-to-be-identified victims.

Plus, according to ESET researchers who spotted the activity, the Beijing-backed snoops developed two new versions of their custom SparrowDoor backdoor during what appeared to be a quiet stretch between 2022 and 2024.

ESET first documented FamousSparrow after uncovering its bespoke malware on hotel and government networks around the world - though the crew had likely been active since at least 2019.

After a long public silence, the Chinese gang appears to be back in action. The security shop noticed the crew's resurgence while assisting a US trade group recovering from an attack in July 2024.

"While helping the affected entity remediate the compromise, we made an unexpected discovery in the ...