Energy Company Targeted in Ongoing Cyberattack Campaign
Cybersecurity researchers have uncovered a series of sophisticated cyberattacks targeting an Azerbaijani oil and gas company over several months. Experts believe the attacks were carried out by a Chinese-linked hacking group known as “FamousSparrow,” which repeatedly returned to the company’s network even after earlier intrusions were discovered and blocked.
According to researchers, the hackers first gained access by exploiting a known weakness in Microsoft Exchange Server software, which is commonly used for email and communication systems inside organizations. Even after security teams attempted to remove the attackers, the group managed to break back into the network multiple times using the same entry point. This demonstrated a high level of persistence and planning.
Once inside the company’s systems, the attackers reportedly installed several types of remote access malware, including a tool called “Deed RAT.” This malware allowed the hackers to secretly monitor systems, maintain access, and potentially steal sensitive information. Researchers also found that the attackers used advanced techniques designed to avoid detection by security software.
Security experts say the attacks are significant because they targeted critical energy infrastructure during a time of growing geopolitical tension and global energy instability. Azerbaijan has become increasingly important in supplying energy to Europe, making companies in the region attractive targets for cyber espionage and intelligence gathering.
Researchers noted that the hackers appeared focused on maintaining long-term access rather than causing immediate disruption. This type of operation is often associated with state-sponsored cyber espionage, where attackers quietly collect information over an extended period. Fortunately, reports indicate that operational technology systems — the systems directly involved in energy production — were not affected during the attacks.
Cybersecurity professionals warn that the incident highlights the growing threat facing energy companies and other critical infrastructure organizations worldwide. The repeated intrusions show how attackers will continue exploiting the same vulnerability until systems are fully secured, passwords are reset, and all unauthorized access is removed. Experts say organizations must regularly update software, monitor networks closely, and strengthen cybersecurity defenses to reduce the risk of similar attacks in the future.