FamousSparrow
China-nexus APT active since 2019, targeting hotels, governments and private companies worldwide. Its tooling overlaps with that of Earth Estries and GhostEmperor, but it is assessed as a distinct cluster. Primarily uses the SparrowDoor and CrowDoor backdoors.
Attribution signal
Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score. Thresholds: ≥ 10 High, ≥ 3 Moderate, < 3 Low.
Attribution signals
11 mentions · 5 sources
"Researchers attributed a months-long intrusion against an Azerbaijani oil and gas company to the Chinese-linked FamousSparrow group"
"China-linked group FamousSparrow targeted a Venezuelan governmental group focused on maritime affairs"
"FamousSparrow embarked on a tour of Latin America, targeting multiple governmental entities in the region."
"FamousSparrow targeted a Venezuelan governmental entity connected to maritime affairs, likely to monitor the resilience of oil shipments after the US intervention."
"this is the first time that China-linked groups have been discovered in Azerbaijanian industries"
"the China-linked FamousSparrow group has targeted an Azerbaijanian oil-and-gas company in the South Caucasus region"
"Draculoader: A generic shellcode loader deployed by UAT-8302, also used by the Earth Estries and Earth Naga APT groups who have histories of targeting government agencies in Southeast Asia and elsewhere."
"Although potential links to known groups such as Earth Estries were considered, attribution was assessed with low confidence."
"The latest research suggests that China has begun to focus on South Caucasus with its own cyber operations."
"FamousSparrow targets Azerbaijani energy sector in multi-wave espionage campaign"
Hedge terms observed