Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Gartner® Report: Strategic Roadmap for CTEM
Learn More
New Integration Partnership with WIZ!
Learn More
Threat Exposure Validation Impact Report 2025
Learn More
Book a Demo
Book a Demo

FamousSparrow: A suspicious hotel guest

September 27, 2021

FamousSparrow is a group that is considered as the only current user of the custom backdoor, SparrowDoor. It also uses two custom versions of Mimikatz that could be used to connect incidents to this group. While they consider FamousSparrow to be a separate entity, they found connections to other known APT groups. In one case, attackers deployed a variant of Motnug that is a loader used by SparklingGoblin. In another case, on a machine compromised by FamousSparrow, they found a running Metasploit with cdn.kkxx888666[.]com as its C&C server. This domain is related to a group known as DRBControl.

Featured Resources

View More Resources
image
blog

Critical RCE in React Server Components CVE-2025-55182 and CVE-2025-66478: What It Means for Security Teams

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security Researcher What was discovered?  A critical un-authentication remote code execution (RCE) vulnerability has been disclosed in React

Read More
image
blog

Test LLM Resilience Against Prompt Injection and Jailbreaks with New Cymulate Attack Scenarios

Executive Summary  As large language models (LLMs) become embedded in productivity, automation and security workflows, a new class of risks

Read More
image
blog

Testing LLM Resilience: How Cymulate Exposure Validation Simulates Prompt Injection and Jailbreaks 

See how Cymulate is redefining LLM security by simulating real-world prompt injection and jailbreak attacks to validate AI defenses.

Read More