
FamousSparrow Azerbaijanian oil-and-gas targeting campaign

Campaign
Happening score: 37
1 unique source, 1 article

Summary


The China-linked FamousSparrow group ran a targeted cyberespionage campaign against an Azerbaijani oil-and-gas company in the South Caucasus, a new regional and industry focus for the group. The operation ran from late December through the end of February, sustained activity rather than a one-off intrusion. The attackers used DLL sideloading to evade defenses and deployed remote access tools; the victim's OT networks were not affected.

Related Happenings

FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...

Deed RAT and TernDoor multi-wave deployment

Malware Activity
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: A **multi-wave malware deployment** delivered **Deed RAT (Snappybee)** and **TernDoor** into an **Azerbaijani oil and gas company** across **three waves**, creating repeated footh...

SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets

Campaign
First: 01.05.2026 17:02 Last: 01.05.2026 17:02 Sources 1

About this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...

APT28 Windows Shell LNK campaign targeting Ukraine and E.U. nations

Campaign
First: 28.04.2026 08:50 Last: 28.04.2026 08:50 Sources 1

About this happening: A **December 2025** **APT28** campaign targeted **Ukraine** and **E.U. nations** with a **malicious Windows Shortcut (LNK)** chain that bypassed **Microsoft Defender SmartScreen**...

Windows zero-day exploitation wave

Exploitation Wave
First: 17.04.2026 09:14 Last: 17.04.2026 09:14 Sources 1

About this happening: **BlueHammer**, **RedSun**, and **UnDefend** are being exploited in the wild against **Windows** devices, creating active risk of **SYSTEM** or elevated administrator compromise....

Latest development: 23.04.2026 14:05

CISA added BlueHammer, tracked as CVE-2026-33825, to its Known Exploited Vulnerabilities (KEV) Catalog and ordered Federal Civilian Executive Branch (FCEB) agencies to patch Microsoft Defender on Windows systems within two weeks, by May 7. The federal directive responds to ongoing zero-day abuse of the flaw on U.S. government systems.

Timeline

  1. 13.05.2026 16:00 · 2 articles

    BitDefender discloses FamousSparrow targeting of an Azerbaijani oil-and-gas company

    Initial Disclosure

    BitDefender disclosed that the China-linked FamousSparrow group targeted an Azerbaijani oil-and-gas company in the South Caucasus. The intruders used DLL sideloading to evade defenses, stage payloads, and install remote access tools with Deed RAT modifications. The victim detected activity on specific workstations and cleaned them, but a vulnerable Microsoft Exchange server remained unpatched and enabled two subsequent attacks; OT networks were not affected.
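The disclosure above describes DLL sideloading as the evasion and payload-staging technique, but gives no detection detail. The following is an added example, not code from the page or from BitDefender, showing one hunt a defender could run over endpoint image-load telemetry: Sysmon-style Event ID 7 records (field names, the `TRUSTED_DIRS` list, the `HIJACKABLE_NAMES` list, and the heuristic itself are assumptions of this example, and the sample records are constructed, not telemetry from this case). The idea is to flag a signed executable running outside its normal install directory that resolves a well-known Windows library name from its own directory rather than from the system directory, with that DLL not signed by the executable's publisher.

```python
"""Hunt for DLL sideloading in Sysmon-style image-load (Event ID 7) records.

Heuristic (an assumption of this example, not the campaign's actual detection
logic): a signed executable running from an unusual directory loads a DLL that
carries a well-known Windows library name from its own directory instead of the
system directory, and that DLL is not signed by the executable's publisher.
"""
from __future__ import annotations

from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class ImageLoad:
    """One image-load record; field names mirror Sysmon Event ID 7 fields."""
    image: str          # process that performed the load
    image_loaded: str   # DLL that was mapped into it
    image_signer: str   # publisher of the process image ("" if unsigned)
    dll_signer: str     # publisher of the DLL ("" if unsigned)


# Directories where legitimately installed software is expected to live (assumed list).
TRUSTED_DIRS = (r"c:\windows", r"c:\program files", r"c:\program files (x86)")

# Library names often abused for search-order hijacking; illustrative, not exhaustive.
HIJACKABLE_NAMES = {
    "version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll",
    "cryptsp.dll", "msimg32.dll", "profapi.dll",
}


def _norm(path: str) -> PureWindowsPath:
    # Windows paths are case-insensitive; normalise before comparing.
    return PureWindowsPath(path.lower())


def _in_trusted_dir(path: PureWindowsPath) -> bool:
    text = str(path)
    return any(text.startswith(d + "\\") for d in TRUSTED_DIRS)


def is_sideload_candidate(rec: ImageLoad) -> bool:
    exe, dll = _norm(rec.image), _norm(rec.image_loaded)
    if dll.name not in HIJACKABLE_NAMES:
        return False                      # not a name that hijacks the search order
    if dll.parent != exe.parent:
        return False                      # DLL resolved from elsewhere (e.g. System32)
    if _in_trusted_dir(exe):
        return False                      # executable sits in its normal install location
    if not rec.image_signer:
        return False                      # unsigned host: not the "trusted binary" pattern
    return rec.dll_signer != rec.image_signer   # DLL not signed by the host's publisher


def hunt(records: list[ImageLoad]) -> list[ImageLoad]:
    """Return the records that match the sideloading heuristic."""
    return [r for r in records if is_sideload_candidate(r)]


# Constructed sample records for this example (not real telemetry from the case).
SAMPLE = [
    ImageLoad(r"C:\Windows\System32\svchost.exe",
              r"C:\Windows\System32\version.dll",
              "Microsoft Windows", "Microsoft Windows"),      # normal system load
    ImageLoad(r"C:\ProgramData\Update\host.exe",
              r"C:\ProgramData\Update\version.dll",
              "Microsoft Windows", ""),                       # signed host, unsigned DLL beside it
    ImageLoad(r"C:\Users\Public\tmp\tool.exe",
              r"C:\Users\Public\tmp\version.dll",
              "", ""),                                        # unsigned loader: a different problem
    ImageLoad(r"C:\Users\alice\Desktop\viewer.exe",
              r"C:\Windows\System32\wininet.dll",
              "Example Vendor", "Microsoft Windows"),         # DLL resolved from System32
]


if __name__ == "__main__":
    for r in hunt(SAMPLE):
        print(f"possible sideload: {r.image} loaded {r.image_loaded} "
              f"(DLL signer: {r.dll_signer or 'unsigned'})")
```

Only the second constructed record is flagged: a signed host binary copied into a writable directory and loading an unsigned version.dll from beside itself. The heuristic will also fire on legitimate software that ships its own copy of one of these libraries outside Program Files, so treat hits as leads for triage rather than verdicts, and note that endpoint cleanup alone did not end this intrusion; the unpatched Exchange server still gave the attackers a way back in.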
