China-aligned threat actors have launched "Operation Dragon Weave," a sophisticated cyber espionage campaign targeting high-value sectors, including government, research, academic, technology, and financial services. The campaign utilizes highly targeted spearphishing emails to deliver malicious ZIP archives containing deceptive shortcut (.LNK) files masquerading as legitimate documents. Upon execution, these files deploy the AZUREVEIL malware framework, which leverages the Adaptix Command-and-Control (C2) agent to establish persistent communication with actor-controlled infrastructure. The campaign demonstrates a strategic geographic focus on the Czech Republic and Taiwan, aiming for long-term intelligence gathering and unauthorized access within critical infrastructure and academic networks.

  • Incident/Campaign Overview
    • Identified as "Operation Dragon Weave," a coordinated cyber espionage effort.
    • Attributed to threat actors aligned with Chinese interests.
    • Primary objective involves establishing persistent Command-and-Control (C2) for intelligence exfiltration.
  • Attack Vector/Campaign Mechanics
    • Initial entry via high-precision spearphishing email campaigns.
    • Payload delivery utilizes compressed ZIP archives to bypass basic perimeter filters.
    • Execution chain relies on deceptive .LNK (shortcut) files designed to mislead users into running malicious code.
  • Malware Analysis: AZUREVEIL & Adaptix
    • Core payload is the AZUREVEIL framework, built upon the Adaptix C2 agent.
    • Designed for high stealth to maintain long-term residency on compromised hosts.
    • Facilitates advanced remote command execution and data harvesting capabilities.
  • Target Profile and Geographic Scope
    • Sector-specific targeting: Government, Research, Academia, Technology, and Financial Services.
    • Intense geographic concentration in the Czech Republic and Taiwan.
    • Focus on entities likely to hold sensitive intellectual property or state secrets.
  • Defensive Actions and Mitigation
    • Implement strict endpoint controls to prevent the execution of .LNK files originating from email attachments.
    • Enhance email gateway security to inspect and sandbox nested ZIP archives.
    • Monitor network telemetry for anomalous traffic patterns associated with the Adaptix C2 framework.
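The gateway inspection step described above (ZIP archives carrying shortcut files disguised as documents) can be checked mechanically. The following is an added example written for this briefing, not code from the briefing's sources or from any vendor product. It walks a ZIP archive and any ZIP nested inside it, flags entries whose name ends in .lnk, entries that stack a document extension in front of .lnk, and entries whose first bytes carry the Shell Link header (size 0x4C followed by the Shell Link CLSID) regardless of what the name claims. The sample archive it scans is constructed in memory; the list of document extensions and the recursion limit are assumptions.

```python
from __future__ import annotations

import io
import zipfile

# Fixed header of a Windows Shell Link (.LNK) file: HeaderSize 0x0000004C followed by
# the LinkCLSID 00021401-0000-0000-C000-000000000046 stored in little-endian GUID layout.
LNK_MAGIC = b"\x4c\x00\x00\x00" + bytes.fromhex("0114020000000000c000000000000046")

# Document-like extensions a shortcut commonly impersonates (assumed list, extend as needed).
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".rtf"}

MAX_DEPTH = 3  # assumed limit on how deep nested ZIPs are opened (guards against archive bombs)


def classify_name(name: str) -> list[str]:
    """Return the name-based reasons an archive entry looks like a disguised shortcut."""
    reasons: list[str] = []
    base = name.rsplit("/", 1)[-1].lower()
    if base.endswith(".lnk"):
        reasons.append("lnk-extension")
        stem = base[:-4]
        # "Invoice.pdf.lnk" style: a document extension placed before the real .lnk
        if any(stem.endswith(ext) for ext in DOC_EXTS):
            reasons.append("double-extension")
    return reasons


def scan_zip_bytes(data: bytes, prefix: str = "", depth: int = 0) -> list[dict]:
    """Walk a ZIP (and ZIPs nested inside it) and return one finding per suspicious entry."""
    findings: list[dict] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a ZIP (or corrupt): nothing to inspect here
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))  # only the header is needed for the magic check
            reasons = classify_name(info.filename)
            if head == LNK_MAGIC:
                reasons.append("lnk-header")
                if "lnk-extension" not in reasons:
                    # Content is a shortcut but the name says otherwise
                    reasons.append("header-extension-mismatch")
            if reasons:
                findings.append({"path": path, "reasons": reasons})
            # Descend into nested archives so a ZIP-inside-ZIP does not hide the shortcut
            if info.filename.lower().endswith(".zip") and depth < MAX_DEPTH:
                with zf.open(info) as fh:
                    findings.extend(scan_zip_bytes(fh.read(), path + "!/", depth + 1))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: benign text, a disguised LNK, LNK bytes under a .pdf name, and a nested ZIP."""
    fake_lnk = LNK_MAGIC + b"\x00" * 32  # constructed stub carrying only the header, not a working shortcut
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notes.txt", "plain text")
        z.writestr("agenda.docx.lnk", fake_lnk)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "nothing to see")
        z.writestr("Invoice_2024.pdf.lnk", fake_lnk)
        z.writestr("report.pdf", fake_lnk)  # shortcut bytes hiding behind a document extension
        z.writestr("attachments.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_bytes(build_sample_archive()):
        print(finding["path"], ",".join(finding["reasons"]))
```

In a gateway this would run against the attachment before delivery; any finding with `lnk-header` or `double-extension` is a candidate for quarantine or sandbox detonation, and the `header-extension-mismatch` case is the one a filter keyed only on file names would miss.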
