www.darkreading.com 5/13/2026, 1:33:30 PM · via preferred

FamousSparrow hits Azerbaijani oil firm with DLL sideload

CyberSIXT Evidence Panel
Threat Actor
🇨🇳 GhostEmperor

The China-linked FamousSparrow APT has targeted an Azerbaijani oil-and-gas company in the South Caucasus. Bitdefender researchers note that the attack used a unique DLL sideloading technique to evade some defenses and install remote access tools; the operational technology networks were not affected.

First detected in 2021 by ESET, the group has previously focused on hotels, government agencies and financial organisations across North America, Europe, South America and the Middle East, making Azerbaijan a new focal point. Bitdefender’s analysis highlights a two-stage mechanism for sideloading malware using DLLs, along with modifications to the Deed RAT remote access tool, designed to complicate analysis by gating payload execution behind a specific instruction sequence.

The South Caucasus region has gained strategic importance as an energy corridor for the EU, even as Russia has long used cyber operations to exert influence in the area. According to Bitdefender, the FamousSparrow operations in Azerbaijan appear to have begun in late December and lasted until the end of February.

Article by CyberSIXT
