See full agenda Wed Mar 26 / 01:20 PM - 01:50 PM PST

You will always remember this as the day you finally caught FamousSparrow

In mid 2024, ESET Research discovered an ongoing compromise at an organization in the United States that operates in the financial sector. The threat actor behind this attack is FamousSparrow, a cyberespionage group active since at least 2019, known for targeting governments and hotels around the world, and that we believe is aligned with China’s interests. The group has flown under the radar since 2022, but is now back with an updated arsenal, including a, previously undocumented, modular version of SparrowDoor.
This presentation will show a more complete picture of the group’s TTPs through collaboration with the targeted organization and EDR data. We will document this, along with the most interesting tools that were used. We will also provide insight into how FamousSparrow operates inside the network after gaining initial access, and how defenders can use this knowledge to detect and prevent such malicious activity.

Robert Lipovsky Bio
Robert Lipovsky is a Principal Threat Intelligence Researcher for ESET, with over 15 years' experience in cybersecurity and a broad spectrum of expertise covering both targeted APTs and crimeware. He is responsible for threat intelligence and malware analysis and leads the Malware Research Team at ESET headquarters in Bratislava.
He is a regular speaker at security conferences, including Black Hat USA, RSA Conference, Virus Bulletin, BlueHat, MITRE ATT&CKcon, Gartner Security & Risk Management Summit, and various NATO-organized conferences. He also teaches reverse engineering at the Slovak University of Technology – his alma mater – and at Comenius University.
When not bound to a keyboard, he enjoys traveling, playing guitar and flying single-engine airplanes.

RESEARCH

More presentations from Robert Lipovsky: Breakout Session - Press Track , BS PT 1 / Exclusive Research Presentation I.

47. Robert Lipovsky - Principal Threat Intelligence Researcher, ESET

Robert Lipovsky Principal Threat Intelligence Researcher, ESET

See full agenda

ESET, spol. s.r.o. takes data protection very seriously. All information collected through this website is processed for marketing purposes only. I understand I can opt out at any time.

Terms of Use

These Terms of Use (hereinafter referred to as "Terms") constitute a special agreement between ESET, spol. s r. o., having its registered office at Einsteinova 24, 851 01 Bratislava, Slovak Republic, registered in the Commercial Register administered by Bratislava I District Court, Section Sro, Entry No 3586/B, Business Registration Number: 31 333 535 (hereinafter referred to as "ESET" or "Provider") and you, a natural person or legal entity (hereinafter referred to as "You" or "User”) who accesses the service (as defined bellow) through this website governed by the Terms. If you use the service on behalf of an organization, then you agree to these Terms for that organization and guarantee that you have the authority to bind that organization to these Terms. In that case You and User will refer to that organization. Read the Terms carefully, they relate also to service provided by ESET through or in relation to this website.

Description of Service

Through this website, ESET provides you with access to a variety of resources, including live video streams for uploaded videos, files and other materials (hereinafter referred to as "Service"). The Service, including any updates, enhancements, new features, and/or the addition of any new Web properties, are subject to the Terms. The Service is available exclusively to the registered visitors.

The Service requires you to register for the event, you must complete the registration process by providing us with current, complete and accurate information as prompted by the applicable registration form.

ESET reserves the right to decline your registration at its sole discretion.

Furthermore, you are entirely responsible for any and all activities that occur under your registration. You agree to notify ESET immediately of any unauthorized use of your account or any other breach of security. ESET will not be liable for any loss that you may incur as a result of someone else using your unique link, either with or without your knowledge. However, you could be held liable for losses incurred by ESET or another party due to someone else using your unique link. You may not use anyone else's account at any time, without the permission of the account holder.

Details about privacy, personal data protection and rights as a data subject can be found in Privacy Policy.

Electronic Communication

ESET will communicate with You electronically in the course of performing activities presumed by these Terms, including in the course of provision of Services, account or our website. We may send You emails, notifications via your account or post the communication on our website. You agree to receive legal communications from ESET in electronic form, including any communications on change in Terms or Privacy Policies, any contract proposal/acceptance or invitations to treat, notices or other legal communications and that such electronic communication shall be deemed as received in writing, unless a different form of communication is specifically required by applicable laws.

Usage Limitations

As a condition of your use of the Service, you will not use the Service for any purpose that is unlawful or prohibited by these terms, conditions, and notices. You may not use the Service in any manner that could damage, disable, overburden, or impair any ESET server, or the network(s) connected to any ESET server, or interfere with any other party's use and enjoyment of any Services. You may not attempt to gain unauthorized access to any Services, other accounts, computer systems or networks connected to any ESET server or to any of the Service, through hacking, password mining or any other means. You may not obtain or attempt to obtain any materials or information through any means not intentionally made available through the Service.

Disclaimers

AS THE USER, YOU HEREBY ACKNOWLEDGE THAT THE SERVICE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, AND TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW. NEITHER THE PROVIDER, ITS LICENSORS OR AFFILIATES, NOR THE COPYRIGHT HOLDERS MAKE ANY REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE OR THAT SERVICE WILL NOT INFRINGE ANY THIRD PARTY’S PATENTS, COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS. THE PROVIDER OR ANY OTHER PARTY MAKE NO GUARANTEE THAT THE FUNCTIONS CONTAINED IN SERVICE WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF SERVICE WILL BE UNINTERRUPTED OR ERROR-FREE. YOU ASSUME ALL RESPONSIBILITY AND RISK FOR THE SELECTION AND USE OF SERVICE TO ACHIEVE YOUR INTENDED RESULTS AND FOR THE RESULTS OBTAINED FROM IT.

No other obligations. The Terms create no obligations on the part of the Provider and its licensors other than as specifically set forth herein.

Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL THE PROVIDER, ITS EMPLOYEES OR LICENSORS BE LIABLE FOR ANY LOST PROFITS, REVENUE, SALES, DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, PROPERTY DAMAGE, PERSONAL INJURY, INTERRUPTION OF BUSINESS, LOSS OF BUSINESS INFORMATION OR FOR ANY SPECIAL, DIRECT, INDIRECT, INCIDENTAL, ECONOMIC, COVER, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES, HOWEVER CAUSED AND WHETHER ARISING UNDER CONTRACT, TORT, NEGLIGENCE OR OTHER THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THE SERVICE, EVEN IF THE PROVIDER OR ITS LICENSORS OR AFFILIATES ARE ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME COUNTRIES AND JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF LIABILITY, BUT MAY ALLOW LIABILITY TO BE LIMITED, IN SUCH CASES THE LIABILITY OF THE PROVIDER, ITS EMPLOYEES OR LICENSORS OR AFFILIATES SHALL BE LIMITED TO THE SUM THAT YOU PAID TO PROVIDER.

Copyright and Legal Information

ESET or its respective suppliers are owners or holders of copyright or other intellectual property rights to any other content available on the website, such as any text, documents, images, logos, icons, buttons or databases (“content”). ESET and its suppliers reserve all rights not explicitly granted to You in the Terms.

Governing Law and Language

The Terms shall be governed by and construed in accordance with Slovak law. You and ESET agree that conflict provisions of the governing law and United Nations Convention on Contracts for the International Sale of Goods shall not apply. You expressly agree that exclusive jurisdiction for any claim or dispute with ESET or relating in any way to Your use of the Software resides in District Court Bratislava I, Slovakia and you further agree and expressly consent to the exercise of the personal jurisdiction in the District Court Bratislava I in connection with any such dispute or claim.

In the case of discrepancies between the language versions the English version shall always prevail as the English version is deemed original.

General provisions

ESET reserves the right to make changes to our Services as well as to revise these Terms, Privacy Policy or any portion thereof at any time by updating the relevant document (i) to reflect changes to the Services or website or in how ESET does the business, (ii) for legal, regulatory or security reasons, or (iii) to prevent abuse or harm. You will be notified by way of web site. If you disagree with the changes to the Terms, you may cancel your registration. Unless you cancel your registration, you are bound by any amendments or revisions of the Terms. You are encouraged to periodically visit this page to review the current Terms that apply to your use of web site and Services.

Notices

All notices must be delivered to: ESET, spol. s r. o., Einsteinova 24, 851 01 Bratislava, Slovak Republic.