Operation Dragon Weave cyber-espionage campaign
Campaign
Summary
Hide ▲
Show ▼
The Operation Dragon Weave campaign is actively targeting officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments. The infection chain uses a Rust loader, DLL side-loading, and AdaptixC2 to establish remote control and support data exfiltration. The operation also reaches government, research, academic, technology, and financial services sectors. Its final-stage payload, AZUREVEIL, uses Microsoft Azure Blob Storage for dead-drop command-and-control, reducing direct attacker infrastructure exposure.
Related Happenings
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
Campaign
H score39
First: 29.05.2026 01:24
Last: 29.05.2026 01:24
Sources 1
About this happening:
GreyVibe is running an AI-assisted cyberespionage campaign against Ukrainian and Ukraine-related organizations, expanding the threat to military, government, civilian,...
GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations
CampaignAbout this happening: GreyVibe is running an AI-assisted cyberespionage campaign against Ukrainian and Ukraine-related organizations, expanding the threat to military, government, civilian,...
Storm-1175 high-velocity exploit campaign
Campaign
H score59
First: 06.04.2026 19:56
Last: 06.04.2026 19:56
Sources 1
About this happening:
Storm-1175 is running a high-velocity exploit campaign that rapidly turns access into Medusa ransomware deployment, creating risk of data exfiltration and encrypte...
Storm-1175 high-velocity exploit campaign
CampaignAbout this happening: Storm-1175 is running a high-velocity exploit campaign that rapidly turns access into Medusa ransomware deployment, creating risk of data exfiltration and encrypte...
Havoc Demon payload deployment and persistence operation
Malware Activity
H score22
First: 03.03.2026 19:15
Last: 03.03.2026 19:15
Sources 1
About this happening:
A fake IT support operation is deploying Havoc Demon payloads to preserve access across compromised endpoints and support likely data exfiltration or ransomware fo...
Havoc Demon payload deployment and persistence operation
Malware ActivityAbout this happening: A fake IT support operation is deploying Havoc Demon payloads to preserve access across compromised endpoints and support likely data exfiltration or ransomware fo...
SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh
Campaign
H score37
First: 03.03.2026 08:53
Last: 03.03.2026 08:53
Sources 1
About this happening:
The SloppyLemming campaign is using spear-phishing, PDF lures, and macro-enabled Excel documents to target government entities and critical infrastructure operat...
SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh
CampaignAbout this happening: The SloppyLemming campaign is using spear-phishing, PDF lures, and macro-enabled Excel documents to target government entities and critical infrastructure operat...
SloppyLemming BurrowShell and Rust-based keylogger activity
Malware Activity
H score26
First: 03.03.2026 08:53
Last: 03.03.2026 08:53
Sources 1
About this happening:
SloppyLemming deployed BurrowShell and a Rust-based keylogger through two attack chains, expanding its malware toolkit for backdoor access, credential theft*...
SloppyLemming BurrowShell and Rust-based keylogger activity
Malware ActivityAbout this happening: SloppyLemming deployed BurrowShell and a Rust-based keylogger through two attack chains, expanding its malware toolkit for backdoor access, credential theft*...
Timeline
-
01.06.2026 14:54 2 articles · 1mo ago
Operation Dragon Weave targets officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments
Initial DisclosureOperation Dragon Weave is a cyber-espionage campaign targeting officials and citizens in the Czech Republic and Taiwan, with additional targeting of government, research, academic, technology, and financial services sectors. The infection chain uses spear-phishing emails with ZIP attachments, a malicious LNK or self-contained Rust-based launcher, PowerShell extraction of RuntimeBroker_update.exe, DLL side-loading through UnityPlayer.dll, and the RUSTCLOAK loader to deploy AZUREVEIL, an AdaptixC2 agent that uses Microsoft Azure Blob Storage as a dead-drop C2 channel and supports 36 post-compromise commands.
Show sources
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan — thehackernews.com — 01.06.2026 14:54
- China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan — thehackernews.com — 01.06.2026 14:54