Find notable cyber news and cases, enriched with sources, timelines, and signals.

AdaptixC2 threat-actor adoption for post-exploitation

Malware Activity
First reported
Last updated
Happening score
H score 38
1 unique sources, 2 articles

Summary

Hide ▲

The AdaptixC2 malware-activity happening now includes a cyber-espionage campaign called Operation Dragon Weave that targets officials and citizens in the Czech Republic and Taiwan. The activity uses spear-phishing ZIP attachments, a Rust loader, and DLL side-loading to deploy a payload chain that ends with AZUREVEIL, an AdaptixC2 agent using Microsoft Azure Blob Storage for dead-drop C2. Seqrite Labs says the agent supports 36 commands for post-compromise control, including file operations, shell execution, process control, port forwarding, SOCKS proxying, and BOF execution. The broader happening still reflects AdaptixC2 moving into malicious post-exploitation use by multiple threat actors.

Related Happenings

REF8372 malicious Google Ads CastleStealer delivery campaign

Campaign
H score27 First: 22.06.2026 16:20 Last: 22.06.2026 16:20 Sources 1

About this happening: The **REF8372** campaign now uses **malicious Google Ads** and a fake **Node.js** download site to deliver **OXLOADER** and **CastleStealer**, putting search users at risk of malw...

Atlas RAT and related loaders deployed for remote access and credential theft

Malware Activity
H score33 First: 04.06.2026 00:45 Last: 04.06.2026 00:45 Sources 1

About this happening: **TA4922**, a **China-linked** and likely **financially motivated** malware activity, has expanded beyond **East Asia** into **Europe** and **Africa**. The group uses **Atlas RAT*...

Operation Dragon Weave cyber-espionage campaign

Campaign
H score37 First: 01.06.2026 14:54 Last: 01.06.2026 14:54 Sources 1

How related: A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent.

About this happening: The **Operation Dragon Weave** campaign is actively targeting **officials and citizens in the Czech Republic and Taiwan** with **spear-phishing ZIP attachments**. The infection ch...

GlassWorm supply-chain malware activity

Malware Activity
H score22 First: 27.05.2026 14:48 Last: 27.05.2026 14:48 Sources 1

About this happening: The **GlassWorm** malware activity is now under a coordinated **C2 disruption**, reducing its ability to deliver new instructions and payloads to infected developer systems. The o...

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
H score37 First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

Timeline

  1. 30.10.2025 18:40 3 articles · 8mo ago

    Initial report: AdaptixC2 threat-actor adoption for post-exploitation

    Initial Disclosure

    A public **August 2024** release established **AdaptixC2** as an open-source red-team framework. In recent months, it shifted into **malicious adoption** by groups tied to **Fog** and **Akira** and by an **initial access broker**.

    Show sources