A China-linked threat actor, identified as FamousSparrow (also known as UAT-9244), executed a persistent, multi-wave intrusion campaign against an Azerbaijani oil and gas company by exploiting Microsoft Exchange vulnerabilities. The activity, spanning late December 2025 through late February 2026, represents an expansion of the group's targeting scope and methodologies [1]. Security firm Bitdefender attributed the operations to FamousSparrow with moderate-to-high confidence and detailed repeated compromises of the unnamed energy firm's systems. The campaign involved initial breaches followed by sustained exploitation of Microsoft Exchange infrastructure to maintain continuous access, which points to a strategic, long-term intelligence gathering objective. Sustained access of this kind to a critical infrastructure organization could enable data exfiltration, reconnaissance, or pre-positioning for future disruptive actions. The incident underscores the ongoing threat posed by state-sponsored entities leveraging common vulnerabilities against geopolitical targets. It also highlights the urgent need for advanced threat detection and resilient cyber defenses within the energy sector to counter sophisticated, persistent adversaries.
Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
⚡ High Priority
Why This Matters
A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late.
References
1. The Hacker News. (2026, May 13). Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation. *The Hacker News*. https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html