- A China-aligned cyber espionage campaign, Operation Dragon Weave, has targeted officials and citizens in the Czech Republic and Taiwan.
- The attackers used spear-phishing emails to deploy AZUREVEIL, an AdaptixC2 agent that uses Azure Blob Storage for command-and-control, through a Rust-based infection chain.
- Separately, security firms have documented other active Chinese threat groups, including one using a new Go-based implant called TencShell.
- The attacks are part of a sustained global campaign targeting government, technology, and critical infrastructure sectors.
A new China-aligned cyber espionage campaign, dubbed Operation Dragon Weave, has been observed targeting government and private sector officials in the Czech Republic and Taiwan. According to Seqrite Labs, the campaign delivers a final payload called AZUREVEIL, an agent for the AdaptixC2 framework.
The infection chain begins with spear-phishing emails containing malicious ZIP attachments. The attackers use two different pathways to launch the malware, including a Rust-based loader designed to evade detection.
Once deployed, the AZUREVEIL agent uses Microsoft Azure Blob Storage for command-and-control, employing a dead drop approach for stealth. The malware supports 36 commands, granting attackers extensive control over compromised systems.
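One way a defender could hunt for the dead-drop pattern described above, added here as an example and not taken from the Seqrite report: flag any process outside an allowlist that polls an Azure Blob Storage endpoint at regular intervals. The log format, allowlist, thresholds and every host, process and account name are assumptions; the page does not describe AZUREVEIL's actual polling behaviour.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

BLOB_SUFFIX = ".blob.core.windows.net"
# Assumption: processes this site expects to reach Blob Storage.
EXPECTED = {"azcopy.exe"}
# Constructed sample proxy log (hypothetical hosts, processes, accounts):
# time host process destination
SAMPLE_LOG = """\
2026-01-12T09:00:00 WS-014 viewer.exe examplestore01.blob.core.windows.net
2026-01-12T09:00:00 SRV-02 azcopy.exe examplebackup.blob.core.windows.net
2026-01-12T09:00:05 WS-020 msedge.exe examplecdn.blob.core.windows.net
2026-01-12T09:00:08 WS-020 msedge.exe examplecdn.blob.core.windows.net
2026-01-12T09:00:30 SRV-02 azcopy.exe examplebackup.blob.core.windows.net
2026-01-12T09:01:00 WS-014 viewer.exe examplestore01.blob.core.windows.net
2026-01-12T09:01:00 SRV-02 azcopy.exe examplebackup.blob.core.windows.net
2026-01-12T09:01:30 SRV-02 azcopy.exe examplebackup.blob.core.windows.net
2026-01-12T09:02:00 SRV-02 azcopy.exe examplebackup.blob.core.windows.net
2026-01-12T09:02:01 WS-014 viewer.exe examplestore01.blob.core.windows.net
2026-01-12T09:03:00 WS-014 viewer.exe examplestore01.blob.core.windows.net
2026-01-12T09:03:28 WS-020 msedge.exe examplecdn.blob.core.windows.net
2026-01-12T09:03:43 WS-020 msedge.exe examplecdn.blob.core.windows.net
2026-01-12T09:04:01 WS-014 viewer.exe examplestore01.blob.core.windows.net
2026-01-12T09:18:43 WS-020 msedge.exe examplecdn.blob.core.windows.net
"""

def find_blob_pollers(log, min_hits=5, max_jitter=0.2):
    """Return (host, process, dest, hits, avg_gap_s) for regular pollers."""
    seen = defaultdict(list)
    for line in log.strip().splitlines():
        ts, host, proc, dest = line.split()
        proc, dest = proc.lower(), dest.lower()
        if dest.endswith(BLOB_SUFFIX) and proc not in EXPECTED:
            seen[(host, proc, dest)].append(datetime.fromisoformat(ts))
    findings = []
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread of gaps = timer-driven polling, not a human.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((*key, len(times), round(avg)))
    return findings

if __name__ == "__main__":
    for finding in find_blob_pollers(SAMPLE_LOG):
        print(finding)
```

Malware that randomizes its check-in interval will exceed `max_jitter`, so treat a hit as a lead to triage and pair it with a review of which storage accounts the organisation actually owns.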
Meanwhile, Cato Networks reported a separate attempted intrusion against a global manufacturer’s Indian branch. This attack involved a previously undocumented Go-based implant derived from the open-source rshell framework.
Furthermore, ESET confirmed China-aligned groups remained highly active from October 2025 through March 2026. Their report highlights new toolkits and a continued focus on strategic technologies, aligning with Beijing’s industrial policies.
