ThreatCluster

Chinese APT FamousSparrow Breaches Energy Sector via Microsoft Exchange Exploit

First seen 14 May 2026, 21:15 UTC GbhackersCybersecuritynews 92% similarity 73

Article Content

Browse articles
ThreatCluster

Chinese state-aligned hackers, identified as FamousSparrow, infiltrated an Azerbaijani oil and gas company by exploiting an unpatched Microsoft Exchange server. The attack, which occurred from late December 2025 to late February 2026, involved deploying multiple backdoors, including Deed RAT and Terndoor, to maintain persistent access to the network. This espionage operation is notable for its duration and sophistication, marking it as one of the most detailed intrusions targeting energy infrastructure. The breach highlights vulnerabilities in critical infrastructure and the ongoing threat posed by state-sponsored actors. The full scope of the compromise and the extent of data exfiltration remain unclear, but the incident raises significant security concerns within the energy sector.

Key Points: • FamousSparrow exploited an unpatched Microsoft Exchange server to breach an energy firm. • The attack lasted from late December 2025 to late February 2026, deploying multiple backdoors. • This incident highlights the ongoing threat of state-sponsored cyber operations against critical infrastructure.

ThreatCluster AI

Timeline

2025-12-31
Breach initiated
FamousSparrow began exploiting the unpatched Microsoft Exchange server at the energy firm.
Cybersecuritynews
2026-02-28
Attack concluded
The espionage operation by FamousSparrow was reported to have ended, maintaining deep access throughout.
Cybersecuritynews
2026-05-14
Incident reported
Both Gbhackers and Cybersecuritynews published articles detailing the breach and its implications.
Gbhackers

Community

Browse all →