Find notable cyber news and cases, enriched with sources, timelines, and signals.

Operation Dragon Weave cyber-espionage campaign

Campaign
First reported
Last updated
Happening score
H score 37
1 unique sources, 1 articles

Summary

Hide ▲

The Operation Dragon Weave campaign is actively targeting officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments. The infection chain uses a Rust loader, DLL side-loading, and AdaptixC2 to establish remote control and support data exfiltration. The operation also reaches government, research, academic, technology, and financial services sectors. Its final-stage payload, AZUREVEIL, uses Microsoft Azure Blob Storage for dead-drop command-and-control, reducing direct attacker infrastructure exposure.

Related Happenings

GreyVibe AI-assisted cyberespionage campaign targeting Ukraine-linked organizations

Campaign
H score39 First: 29.05.2026 01:24 Last: 29.05.2026 01:24 Sources 1

About this happening: GreyVibe is running an AI-assisted cyberespionage campaign against Ukrainian and Ukraine-related organizations, expanding the threat to military, government, civilian,...

Storm-1175 high-velocity exploit campaign

Campaign
H score59 First: 06.04.2026 19:56 Last: 06.04.2026 19:56 Sources 1

About this happening: Storm-1175 is running a high-velocity exploit campaign that rapidly turns access into Medusa ransomware deployment, creating risk of data exfiltration and encrypte...

Havoc Demon payload deployment and persistence operation

Malware Activity
H score22 First: 03.03.2026 19:15 Last: 03.03.2026 19:15 Sources 1

About this happening: A fake IT support operation is deploying Havoc Demon payloads to preserve access across compromised endpoints and support likely data exfiltration or ransomware fo...

SloppyLemming spear-phishing campaign targeting Pakistan and Bangladesh

Campaign
H score37 First: 03.03.2026 08:53 Last: 03.03.2026 08:53 Sources 1

About this happening: The SloppyLemming campaign is using spear-phishing, PDF lures, and macro-enabled Excel documents to target government entities and critical infrastructure operat...

SloppyLemming BurrowShell and Rust-based keylogger activity

Malware Activity
H score26 First: 03.03.2026 08:53 Last: 03.03.2026 08:53 Sources 1

About this happening: SloppyLemming deployed BurrowShell and a Rust-based keylogger through two attack chains, expanding its malware toolkit for backdoor access, credential theft*...

Timeline

  1. 01.06.2026 14:54 2 articles · 1mo ago

    Operation Dragon Weave targets officials and citizens in the Czech Republic and Taiwan with spear-phishing ZIP attachments

    Initial Disclosure

    Operation Dragon Weave is a cyber-espionage campaign targeting officials and citizens in the Czech Republic and Taiwan, with additional targeting of government, research, academic, technology, and financial services sectors. The infection chain uses spear-phishing emails with ZIP attachments, a malicious LNK or self-contained Rust-based launcher, PowerShell extraction of RuntimeBroker_update.exe, DLL side-loading through UnityPlayer.dll, and the RUSTCLOAK loader to deploy AZUREVEIL, an AdaptixC2 agent that uses Microsoft Azure Blob Storage as a dead-drop C2 channel and supports 36 post-compromise commands.

    Show sources