Chinese APT FamousSparrow Breaches Energy Sector via Microsoft Exchange Exploit

Severity: High (Score: 72.6)

Sources: Gbhackers, Cybersecuritynews

Summary

Chinese state-aligned hackers, identified as FamousSparrow, infiltrated an Azerbaijani oil and gas company by exploiting an unpatched Microsoft Exchange server. The attack, which ran from late December 2025 to late February 2026, involved deploying multiple backdoors, including Deed RAT and Terndoor, to maintain persistent access to the network. This espionage operation is notable for its duration and sophistication, and it ranks among the most thoroughly documented intrusions targeting energy infrastructure. The breach highlights weaknesses in critical infrastructure and the ongoing threat posed by state-sponsored actors. The full scope of the compromise and the extent of data exfiltration remain unclear, but the incident raises significant security concerns within the energy sector.

Key Points:

  • FamousSparrow exploited an unpatched Microsoft Exchange server to breach an energy firm.
  • The attack lasted from late December 2025 to late February 2026, deploying multiple backdoors.
  • This incident highlights the ongoing threat of state-sponsored cyber operations against critical infrastructure.

Key Entities

  • FamousSparrow (apt_group)
  • Data Breach (attack_type)
  • Malware (attack_type)
  • Energy (industry)
  • Deed RAT (malware)
  • TernDoor (malware)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • Microsoft Exchange (platform)