FamousSparrow Azerbaijanian oil-and-gas targeting campaign
Campaign
Summary
Hide ▲
Show ▼
The China-linked FamousSparrow group ran a targeted cyberespionage campaign against an Azerbaijanian oil-and-gas company in the South Caucasus, highlighting a new regional industry focus. The operation lasted from late December through the end of February, showing sustained activity rather than a one-off intrusion. The attackers used DLL sideloading and remote access tools to evade defenses, while the victim's OT networks were not affected.
Related Happenings
Operation Endgame takedown of Amadey and StealC infrastructure
Law Enforcement
H score66
First: 24.06.2026 18:02
Last: 24.06.2026 18:02
Sources 1
About this happening:
An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
Operation Endgame takedown of Amadey and StealC infrastructure
Law EnforcementAbout this happening: An **international law-enforcement takedown** under **Operation Endgame** disrupted shared infrastructure used by **Amadey** and **StealC**, with **Microsoft**, **Europol**, and i...
FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company
Campaign
H score39
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...
FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company
CampaignAbout this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...
Deed RAT and TernDoor multi-wave deployment
Malware Activity
H score31
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
A **multi-wave malware deployment** delivered **Deed RAT (Snappybee)** and **TernDoor** into an **Azerbaijani oil and gas company** across **three waves**, creating repeated footh...
Deed RAT and TernDoor multi-wave deployment
Malware ActivityAbout this happening: A **multi-wave malware deployment** delivered **Deed RAT (Snappybee)** and **TernDoor** into an **Azerbaijani oil and gas company** across **three waves**, creating repeated footh...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
H score39
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
CampaignAbout this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations
Campaign
H score39
First: 28.04.2026 08:50
Last: 28.04.2026 08:50
Sources 1
About this happening:
A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...
APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations
CampaignAbout this happening: A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...
Timeline
-
13.05.2026 16:00 2 articles · 1mo ago
BitDefender discloses FamousSparrow targeting of an Azerbaijanian oil-and-gas company
Initial DisclosureBitDefender disclosed that the China-linked FamousSparrow group targeted an Azerbaijanian oil-and-gas company in the South Caucasus, using DLL sideloading to evade defenses, stage payloads, and install remote access tools with Deed RAT modifications; the victim detected activity on specific workstations and cleaned them, but a vulnerable Microsoft Exchange server remained unpatched and enabled two subsequent attacks, and OT networks were not affected.
Show sources
- China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm — www.darkreading.com — 13.05.2026 16:00
- China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm — www.darkreading.com — 13.05.2026 16:00