Bitdefender
FamousSparrow APT Expands Targeting to Azerbaijani Energy Sector
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
FamousSparrow, a China-aligned APT group, launched a multi-wave cyberespionage campaign against an Azerbaijani oil and gas company from late December 2025 to February 2026. The attackers employed an evolved DLL sideloading technique to deploy the Deed RAT and Terndoor backdoors, enhancing their evasion capabilities. This marks a significant expansion of their operations into the South Caucasus, a region critical for European energy security. The campaign demonstrates a strategic persistence, with attackers repeatedly exploiting the same vulnerabilities despite remediation efforts. The tools used in this operation show notable improvements, including a two-stage trigger mechanism for the Deed RAT loader. The targeting of Azerbaijan indicates a shift in Chinese APT activities, previously focused on hospitality and government sectors, now extending into critical infrastructure. The operation highlights the geopolitical implications of cyber threats in contested regions.
Key Points: • FamousSparrow targeted an Azerbaijani oil and gas company from late December 2025 to February 2026. • The group utilized advanced DLL sideloading techniques to deploy Deed RAT and Terndoor backdoors. • This operation marks a significant expansion of Chinese cyber activity into the South Caucasus energy sector.