The cyberthreat group targets an Azerbaijani oil-and-gas firm with repeated attack, as the China-linked actors extend targeting beyond hotels and telcos.

DR (DZone Research) offers insights into software development trends, industry surveys, and technology adoption patterns, providing reports, whitepapers, and analyst insights to help businesses make informed decisions and stay competitive in the ever-evolving tech landscape. By exploring DR's curated content, developers can gain insights into emerging technologies, developer preferences, and industry best practices for building innovative and market-leading software solutions. Whether you're a startup founder, product manager, or tech executive, DR offers resources to guide your strategic planning and drive business success.

Dark Reading

China-linked APT group FamousSparrow has targeted an Azerbaijani oil-and-gas company in the South Caucasus region, marking the first known Chinese cyber operation in Azerbaijani industry. The attackers used an improved two-stage DLL sideloading technique to evade detection and deploy the Deed RAT remote access tool. The victim's failure to patch a vulnerable Microsoft Exchange server allowed FamousSparrow to return for two additional attacks after initial remediation. Researchers note possible links between FamousSparrow and Salt Typhoon but treat them as distinct clusters, potentially sharing tools via a centralized Chinese 'digital quartermaster.' The South Caucasus region has grown strategically important as an EU energy corridor, attracting new geopolitical cyber interest from China.

China's 'FamousSparrow' APT Nests in South Caucasus Energy Firm

Is FamousSparrow Flocking With Salt Typhoon?

China's Central Armory of APT Tools & Malware?