FamousSparrow (UAT-9244) three-wave intrusion of Azerbaijani oil & gas operator Dec 2025 – Feb 2026; ProxyNotShell re-exploit + novel two-stage export-gated DLL sideloading
campaign · campaign:famoussparrow-azerbaijan-2026
Coverage timeline
1
first 2026-05-14 → last 2026-05-14
Briefs
1
1 distinct
Sources cited
3
3 hosts
Sections touched
1
deep_dive
Co-occurring entities
0
no co-occurrence
Story timeline
- 2026-05-14CTI Daily Brief — 2026-05-14
Where this entity is cited
- deep_dive1
Source distribution
- bitdefender.com1 (33%)
- github.com1 (33%)
- thehackernews.com1 (33%)
All cited sources (3)
- bitdefender.comprimaryinlineBitdefender Labs, 2026-05-13https://www.bitdefender.com/en-us/blog/businessinsights/famoussparrow-apt-targets-azerbaijani-oil-gas-industry
- github.cominline`HealthChecker.ps1`https://github.com/microsoft/CSS-Exchange
- thehackernews.cominlineThe Hacker News, 2026-05-13https://thehackernews.com/2026/05/azerbaijani-energy-firm-hit-by-repeated.html
Items in briefs about FamousSparrow (UAT-9244) three-wave intrusion of Azerbaijani oil & gas operator Dec 2025 – Feb 2026; ProxyNotShell re-exploit + novel two-stage export-gated DLL sideloading
No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.