Security News > 2021 > September > Hacking group used ProxyLogon exploits to breach hotels worldwide
A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.
Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."
The group has used multiple attack vectors in Internet-exposed web applications to breach its targets' networks, including remote code execution vulnerabilities in Microsoft SharePoint, the Oracle Opera hotel management software, and the Microsoft Exchange security flaws known as ProxyLogon.
After breaching their victims' networks, the group deployed custom tools such as a Mimikatz variant, a small tool designed to harvest memory contents by dumping the Windows LSASS process, and a backdoor known as SparrowDoor only used by FamousSparrow.
The espionage group also started targeting Microsoft Exchange servers not patched against the ProxyLogon vulnerabilities in March 2021, one day after Microsoft fixed the bugs.
"FamousSparrow is yet another APT group that had access to the ProxyLogon remote code execution vulnerability early in March 2021. It has a history of leveraging known vulnerabilities in server applications such as SharePoint and Oracle Opera," the ESET researchers concluded.