CyberWire Daily

FamousSparrow’s sneaky resurgence.

Mar 27, 2025

Tal Skverer, Research Team Lead from Astrix, sheds light on the resurgence of China's FamousSparrow hacking group and its impact on cybersecurity. The conversation dives into the dangers of exposed data from misconfigured Amazon S3 buckets and a sophisticated Linux backdoor aimed at industrial systems. Tal discusses the significance of the OWASP NHI Top 10 framework for securing non-human identities, offering crucial insights on best practices and the risks of improper off-boarding. The episode also touches on automated credential stuffing and the evolving cyber threat landscape.

35:40

Creator website

Episode guests

Tal Skverer

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The resurgence of China's FamousSparrow hacking group underscores the evolving threat landscape that requires heightened vigilance across multiple sectors.

The data breach involving Vroom illustrates the critical need for fintech firms to adopt robust security measures, including end-to-end encryption and regular audits.

Deep dives

Return of Famous Sparrow and Evolving Cyber Threats

The China-linked hacking group Famous Sparrow has resurfaced and expanded its targeting to include a broader range of organizations, including government bodies, law firms, and research institutions. Previously known for exploiting specific vulnerabilities in hotel systems, the group now employs advanced malware and deploys the ShadowPad backdoor, hinting at a sophisticated evolution in their cyber-espionage capabilities. Their recent activities began targeting outdated Windows systems via web shells, which indicates a strategic pivot to exploit weaker security in less monitored sectors. This resurgence emphasizes the ongoing threat posed by state-sponsored cyber groups and highlights the necessity for heightened vigilance across various industries.

Intro

3min

Evolving Cyber Threats and Vulnerabilities

6min

Emerging Cyber Threats and Criminal Networks

6min

Securing Non-Human Identities

9min

Navigating Off-boarding and Identity Management

7min

China’s FamousSparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the BlackLock Ransomware group’s infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK’s NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, Research Team Lead from Astrix, discussing the OWASP NHI Top 10 framework. Remembering our friend Matt Stephenson.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Tal Skverer, Research Team Lead from Astrix, who is discussing the OWASP NHI Top 10 framework and how teams can use these as they implement NHIs into their systems.

Selected Reading

Chinese Spy Group FamousSparrow Back with a Vengeance, Targets US (Infosecurity Magazine)

Aussie Fintech Vroom Exposes Thousands of Records After AWS Misconfiguration (HackRead)

New Sophisticated Linux Backdoor Targets OT Systems via 0-Day RCE Exploit (GB Hackers)

Blacklock Ransomware: A Late Holiday Gift with Intrusion into the Threat Actor's Infrastructure (Resecurity)

Dozens of solar inverter flaws could be exploited to attack power grids (Bleeping Computer)

Threat Actors Using Powerful Cybercriminal Weapon 'Atlantis AIO' to Automate Credential Stuffing Attacks (Cyber Security News)

CISA Adds of Sitecore CMS Code Execution Vulnerability to List of Known Exploited Vulnerabilities (Cyber Security News)

NCA Warns of Sadistic Online “Com” Networks (Infosecurity Magazine)

12 Cybercriminals Arrested Following Takedown of Ghost Communication Platform (Cyber Security News)

Matt Stephenson remembrance (LinkedIn)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

FamousSparrow’s sneaky resurgence.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Return of Famous Sparrow and Evolving Cyber Threats

Data Exposure Risks in the Fintech Sector

Challenges with Non-Human Identities in Cybersecurity

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts