Operation Dragon Weave cyber-espionage campaign
Campaign
Summary
The Operation Dragon Weave campaign is actively targeting officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments. The infection chain uses a Rust loader, DLL side-loading, and AdaptixC2 to establish remote control and support data exfiltration. The operation also reaches government, research, academic, technology, and financial services sectors. Its final-stage payload, AZUREVEIL, uses Microsoft Azure Blob Storage for dead-drop command-and-control, reducing direct attacker infrastructure exposure.
Related Happenings
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
**GreyVibe** is running an **AI-assisted cyberespionage campaign** against **Ukrainian and Ukraine-related organizations**, expanding the threat to military, government, civilian,...
Storm-1175 high-velocity exploit campaign
Campaign
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity exploit campaign** that rapidly turns access into **Medusa ransomware** deployment, creating risk of **data exfiltration** and encrypte...
Havoc Demon payload deployment and persistence operation
Malware Activity
First: 03.03.2026 19:15
Last: 03.03.2026 19:15
Sources 1
About this happening:
A **fake IT support** operation is deploying **Havoc Demon** payloads to preserve access across compromised endpoints and support likely **data exfiltration** or **ransomware** fo...
SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh
Campaign
First: 03.03.2026 08:53
Last: 03.03.2026 08:53
Sources 1
About this happening:
The **SloppyLemming** campaign is using **spear-phishing**, **PDF lures**, and **macro-enabled Excel documents** to target **government entities and critical infrastructure operat...
SloppyLemming BurrowShell and Rust-based keylogger activity
Malware Activity
First: 03.03.2026 08:53
Last: 03.03.2026 08:53
Sources 1
About this happening:
**SloppyLemming** deployed **BurrowShell** and a **Rust-based keylogger** through **two attack chains**, expanding its malware toolkit for **backdoor access**, **credential theft*...
Timeline
- 01.06.2026 14:54 · 2 articles
Operation Dragon Weave targets officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments
Initial Disclosure
Operation Dragon Weave is a cyber-espionage campaign targeting officials and citizens in the Czech Republic and Taiwan, with additional targeting of government, research, academic, technology, and financial services sectors. The infection chain uses spear-phishing emails with ZIP attachments, a malicious LNK or self-contained Rust-based launcher, PowerShell extraction of RuntimeBroker_update.exe, DLL side-loading through UnityPlayer.dll, and the RUSTCLOAK loader to deploy AZUREVEIL, an AdaptixC2 agent that uses Microsoft Azure Blob Storage as a dead-drop C2 channel and supports 36 post-compromise commands.
Sources
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan — thehackernews.com — 01.06.2026 14:54
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan — thehackernews.com — 01.06.2026 14:54