AdaptixC2 threat-actor adoption for post-exploitation
Malware Activity
Summary
Hide ▲
Show ▼
The AdaptixC2 malware-activity happening now includes a cyber-espionage campaign called Operation Dragon Weave that targets officials and citizens in the Czech Republic and Taiwan. The activity uses spear-phishing ZIP attachments, a Rust loader, and DLL side-loading to deploy a payload chain that ends with AZUREVEIL, an AdaptixC2 agent using Microsoft Azure Blob Storage for dead-drop C2. Seqrite Labs says the agent supports 36 commands for post-compromise control, including file operations, shell execution, process control, port forwarding, SOCKS proxying, and BOF execution. The broader happening still reflects AdaptixC2 moving into malicious post-exploitation use by multiple threat actors.
Related Happenings
REF8372 malicious Google Ads CastleStealer delivery campaign
Campaign
H score27
First: 22.06.2026 16:20
Last: 22.06.2026 16:20
Sources 1
About this happening:
The **REF8372** campaign now uses **malicious Google Ads** and a fake **Node.js** download site to deliver **OXLOADER** and **CastleStealer**, putting search users at risk of malw...
REF8372 malicious Google Ads CastleStealer delivery campaign
CampaignAbout this happening: The **REF8372** campaign now uses **malicious Google Ads** and a fake **Node.js** download site to deliver **OXLOADER** and **CastleStealer**, putting search users at risk of malw...
Atlas RAT and related loaders deployed for remote access and credential theft
Malware Activity
H score33
First: 04.06.2026 00:45
Last: 04.06.2026 00:45
Sources 1
About this happening:
**TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...
Atlas RAT and related loaders deployed for remote access and credential theft
Malware ActivityAbout this happening: **TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...
Operation Dragon Weave cyber-espionage campaign
Campaign
H score37
First: 01.06.2026 14:54
Last: 01.06.2026 14:54
Sources 1
How related:
A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent.
About this happening:
The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...
Operation Dragon Weave cyber-espionage campaign
CampaignHow related: A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent.
About this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...
GlassWorm supply-chain malware activity
Malware Activity
H score22
First: 27.05.2026 14:48
Last: 27.05.2026 14:48
Sources 1
About this happening:
The **GlassWorm** malware activity is now under a coordinated **C2 disruption**, reducing its ability to deliver new instructions and payloads to infected developer systems. The o...
GlassWorm supply-chain malware activity
Malware ActivityAbout this happening: The **GlassWorm** malware activity is now under a coordinated **C2 disruption**, reducing its ability to deliver new instructions and payloads to infected developer systems. The o...
MuddyWater broad cyber-espionage campaign across sectors and countries
Campaign
H score37
First: 14.05.2026 00:59
Last: 14.05.2026 00:59
Sources 1
About this happening:
**MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
MuddyWater broad cyber-espionage campaign across sectors and countries
CampaignAbout this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
Timeline
-
30.10.2025 18:40 3 articles · 8mo ago
Initial report: AdaptixC2 threat-actor adoption for post-exploitation
Initial DisclosureA public **August 2024** release established **AdaptixC2** as an open-source red-team framework. In recent months, it shifted into **malicious adoption** by groups tied to **Fog** and **Akira** and by an **initial access broker**.
Show sources
- Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks — thehackernews.com — 30.10.2025 18:40
- Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks — thehackernews.com — 30.10.2025 18:40
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan — thehackernews.com — 01.06.2026 14:54