VMTech

Attack on Azerbaijani energy company via Microsoft Exchange

Colleagues, a cybersecurity alert: Bitdefender observed a multi‑wave campaign against an Azerbaijani oil & gas company that exploited a vulnerable Microsoft Exchange server.

- Attribution: FamousSparrow; initial access — ProxyNotShell.
- Deployed Deed RAT and TernDoor; used DLL side‑loading via legitimate binaries and Mofu Loader.
- Returned to the same entry point, installed web shells, expanded lateral access; C2 — sentinelonepro.

Important: the campaign shows persistence — the flaw will be exploited until patching, credential rotation and full eradication of artifacts are completed.

How are you testing your Exchange defenses and readiness for follow‑on waves?

#cybersecurity #energy #MicrosoftExchange #APT
