Cyberattacks on Azerbaijani Company

An Azerbaijani oil and gas company was targeted by a series of cyberattacks between late December 2025 and late February 2026. These attacks were carried out by a hacker group with ties to China, known as FamousSparrow (also referred to as UAT-9244). The security firm Bitdefender has attributed the activities of this group with moderate to high confidence. The attacks have been classified as "multi-wave intrusion," indicating a coordinated and multi-layered approach. Reportedly, the attackers exploited vulnerabilities in Microsoft Exchange to infiltrate the company's systems.

This type of attack is particularly concerning as it targets critical infrastructures that are significant for a country's national security and economy. FamousSparrow is known for its targeted attacks on companies across various sectors, especially in the energy sector. The group has previously employed similar tactics to gain access to sensitive data and potentially cause economic damage. The repeated attacks on the Azerbaijani company suggest a possible expansion of this group's targeting objectives. The security situation in Azerbaijan has worsened in recent years as the country plays a strategic role in energy supply.

Attacks on companies in this sector could have not only economic but also geopolitical implications. Experts warn that such cyberattacks could jeopardize the stability of the region. The response of the affected company to the attacks remains unclear. However, it is expected that it will take measures to enhance cybersecurity to prevent future incidents. Implementing security updates and training employees regarding cyber threats could be part of this strategy.

Incidents also raise questions about the accountability of software providers. Microsoft has previously provided security updates for Exchange to close known vulnerabilities. However, the effectiveness of these updates is called into question when companies do not update in a timely manner or fail to adhere to security policies. The international community is closely monitoring developments in Azerbaijan. Cyberattacks on critical infrastructures are a growing problem that affects not only national security authorities but also businesses and citizens.

The need for a global approach to combat such threats is becoming increasingly clear. The security firm Bitdefender has noted in its report that the attacks on the Azerbaijani company are part of a larger trend where state-sponsored hacker groups specifically target companies in strategic sectors. These attacks could have long-term implications for energy supply and economic stability in the region. The incidents were reported by Bitdefender on May 14, 2026, highlighting the urgency of the situation. The security situation in Azerbaijan remains tense as companies and authorities attempt to prepare against such threats.