Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
Summary
A sophisticated, multi-wave cyber intrusion targeting an unnamed Azerbaijani oil and gas company has been attributed to FamousSparrow, a Chinese-linked threat actor. The attacks occurred between late December 2025 and late February 2026 and involved the exploitation of Microsoft Exchange. This incident highlights an expansion of the group's targeting scope.
IFF Assessment
The article details a successful cyber intrusion by a sophisticated threat actor targeting critical infrastructure, which is detrimental to defenders.
Defender Context
This incident demonstrates the persistent threat from nation-state-aligned groups and the ongoing risks associated with Microsoft Exchange vulnerabilities. Defenders should remain vigilant for indicators of compromise related to FamousSparrow and ensure their Exchange environments are patched and monitored for suspicious activity, especially given the extended timeframe of the intrusion.