FamousSparrow (UAT-9244) three-wave intrusion of Azerbaijani oil & gas operator Dec 2025 – Feb 2026; ProxyNotShell re-exploit + novel two-stage export-gated DLL sideloading
campaign · campaign:famoussparrow-azerbaijan-2026
Coverage timeline
1
first 2026-05-14 → last 2026-05-14
Briefs
1
1 distinct
Sources cited
5
5 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-14CTI Daily Brief — 2026-05-14
Where this entity is cited
- deep_dive1
Source distribution
- advisories.ncsc.nl1 (20%)
- bitdefender.com1 (20%)
- github.com1 (20%)
- helpnetsecurity.com1 (20%)
- thehackernews.com1 (20%)
All cited sources (5)
- bitdefender.comprimaryinlineBitdefender Business Insights, 2026-05-13https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry
- advisories.ncsc.nlinlineNCSC-NL NCSC-2026-0161, 2026-05-15https://advisories.ncsc.nl/csaf/v2/2026/ncsc-2026-0161.json
- github.cominline`HealthChecker.ps1`https://github.com/microsoft/CSS-Exchange
- helpnetsecurity.cominlineHelp Net Security, 2026-05-14https://www.helpnetsecurity.com/2026/05/14/sophos-2026-identity-breach-costs-report/
- thehackernews.cominlineThe Hacker News, 2026-05-13https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html
Items in briefs about FamousSparrow (UAT-9244) three-wave intrusion of Azerbaijani oil & gas operator Dec 2025 – Feb 2026; ProxyNotShell re-exploit + novel two-stage export-gated DLL sideloading
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.