Operation Dragon Weave is a cyber espionage campaign targeting officials and citizens in the Czech Republic and Taiwan, using spear-phishing ZIP files to deploy an AdaptixC2 agent through a Rust-based infection chain. The broader activity also includes China-aligned operations using TencShell, PhiliKit, and Cobalt Strike against government, research, and critical infrastructure targets across multiple regions. #OperationDragonWeave #AdaptixC2 #RUSTCLOAK #TencShell #PhiliKit #NegativeGlimmer #SteppeDriver #UNC5221 #TGRSTA1030 #CobaltStrike
Keypoints
- Operation Dragon Weave targets Czech Republic and Taiwan with spear-phishing ZIP attachments.
- The attack chain uses LNK files, PowerShell, DLL side-loading, and a Rust loader to deliver AdaptixC2.
- AZUREVEIL uses Microsoft Azure Blob Storage as a dead-drop C2 channel and supports 36 commands.
- Cato Networks blocked an intrusion delivering TencShell to a global manufacturing customer's India branch.
- ESET linked multiple China-aligned groups to active campaigns, including SteppeDriver, PhiliKit, and NegativeGlimmer.
Read More: https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html