Chinese APT FamousSparrow Breaches Energy Sector via Microsoft Exchange Exploit
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Chinese state-aligned hackers, identified as FamousSparrow, infiltrated an Azerbaijani oil and gas company by exploiting an unpatched Microsoft Exchange server. The attack, which occurred from late December 2025 to late February 2026, involved deploying multiple backdoors, including Deed RAT and Terndoor, to maintain persistent access to the network. This espionage operation is notable for its duration and sophistication, marking it as one of the most detailed intrusions targeting energy infrastructure. The breach highlights vulnerabilities in critical infrastructure and the ongoing threat posed by state-sponsored actors. The full scope of the compromise and the extent of data exfiltration remain unclear, but the incident raises significant security concerns within the energy sector.
Key Points: • FamousSparrow exploited an unpatched Microsoft Exchange server to breach an energy firm. • The attack lasted from late December 2025 to late February 2026, deploying multiple backdoors. • This incident highlights the ongoing threat of state-sponsored cyber operations against critical infrastructure.