Attack on Azerbaijani energy company via Microsoft Exchange

Colleagues, a cybersecurity alert: Bitdefender observed a multi‑wave campaign against an Azerbaijani oil & gas company that exploited a vulnerable Microsoft Exchange server.
- Attribution: FamousSparrow; initial access — ProxyNotShell.
- Deployed Deed RAT and TernDoor; used DLL side‑loading via legitimate binaries and Mofu Loader.
- Returned to the same entry point, installed web shells, expanded lateral access; C2 — sentinelonepro.
Important: the campaign shows persistence — the attackers keep coming back through the same flaw until patching, credential rotation and full eradication of their artifacts are completed.
How are you testing your Exchange defenses and readiness for follow‑on waves?
#cybersecurity #energy #MicrosoftExchange #APT
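On the readiness question above: one concrete check is to triage the Exchange front-end IIS logs for the two behaviours the alert describes, the ProxyNotShell request shape on the entry point and POSTs to unexpected .aspx files (web-shell drops), and then group hits by client and date so a return visit through the same entry point stands out. The script below is an added example written for this post, not Bitdefender's tooling or any IoC from the report; the request pattern follows the shape of Microsoft's published URL Rewrite mitigation for ProxyNotShell and is used here as a heuristic, the `.aspx` allowlist and the sample log lines are constructed, and the IP addresses and host names are placeholders.

```python
"""Added example (not from the original post): offline triage of Exchange IIS
W3C log lines for ProxyNotShell-shaped requests and POSTs to unexpected .aspx
files, with repeat-visitor grouping.  Patterns, allowlist and sample lines are
constructed for illustration."""

import re
from collections import defaultdict

# Request shape blocked by Microsoft's published URL Rewrite mitigation for
# ProxyNotShell: autodiscover.json in the path, an '@' in the query and
# "powershell" in the query.  Treated as a heuristic, not a complete signature.
PROXYNOTSHELL_RE = re.compile(r"autodiscover\.json", re.IGNORECASE)
POWERSHELL_RE = re.compile(r"powershell", re.IGNORECASE)

# Assumption for the example: .aspx pages that are legitimately POSTed to on this
# server.  A real deployment should build this allowlist from a known-good baseline.
KNOWN_ASPX = {
    "/owa/auth/logon.aspx",
    "/ecp/default.aspx",
}


def parse_iis_log(text):
    """Parse W3C extended log text into dicts keyed by the #Fields header."""
    fields = None
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # skip a malformed line rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def classify(rec):
    """Return an indicator name for one record, or None if nothing matched."""
    stem = rec.get("cs-uri-stem", "")
    query = rec.get("cs-uri-query", "")
    method = rec.get("cs-method", "")
    if PROXYNOTSHELL_RE.search(stem) and "@" in query and POWERSHELL_RE.search(query):
        return "proxynotshell-pattern"
    if method == "POST" and stem.lower().endswith(".aspx") and stem.lower() not in KNOWN_ASPX:
        return "unexpected-aspx-post"
    return None


def flag_events(records):
    """Return (date, client_ip, indicator, uri) for every suspicious record."""
    hits = []
    for rec in records:
        indicator = classify(rec)
        if indicator:
            hits.append((rec["date"], rec["c-ip"], indicator, rec["cs-uri-stem"]))
    return hits


def repeat_visitors(hits):
    """Map client IP -> sorted distinct dates with hits, for clients seen on
    more than one day (the 'returned to the same entry point' behaviour)."""
    dates = defaultdict(set)
    for date, ip, _, _ in hits:
        dates[ip].add(date)
    return {ip: sorted(d) for ip, d in dates.items() if len(d) > 1}


# Constructed sample log: one benign login POST, one ProxyNotShell-shaped request,
# and web-shell-style POSTs from the same placeholder client on two different days.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-01-10 08:00:01 POST /owa/auth/logon.aspx - 10.0.0.5 200
2024-01-10 08:05:17 POST /autodiscover/autodiscover.json @evil.test/powershell?x=1 203.0.113.7 401
2024-01-10 08:06:40 POST /aspnet_client/system_web/x.aspx - 203.0.113.7 200
2024-01-13 02:11:03 POST /owa/auth/Current/themes/res.aspx - 203.0.113.7 200
"""

if __name__ == "__main__":
    hits = flag_events(parse_iis_log(SAMPLE_LOG))
    for hit in hits:
        print(*hit)
    print("repeat visitors:", repeat_visitors(hits))
```

Run it against real front-end logs by reading the `u_ex*.log` files into `parse_iis_log` instead of `SAMPLE_LOG`; the allowlist is the part that needs tuning per environment, since any legitimate `.aspx` endpoint missing from it will show up as a false positive. The repeat-visitor view is the piece that speaks to follow-on waves: a client that produced indicator hits on more than one day after the initial patch is a sign the eradication step was incomplete.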
