Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network

A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February 2026 and stands as one of the most detailed Chinese APT intrusions targeting energy infrastructure in the South Caucasus ever documented. The threat group did not stop at…

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign

FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign Pierluigi Paganini May 14, 2026 Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousSparrow has conducted a sustained intrusion campaign against an Azerbaijani oil and gas company, returning to the same compro…

Bitdefender finds FamousSparrow energy sector campaign

Repeat breaches exposed an Azerbaijani oil and gas operator to espionage as FamousSparrow exploited Microsoft Exchange flaws for two months.

Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation

A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender with moderate-to-high confidence to a hacking group known as FamousSparrow (aka UAT-9244), which shares some level of