Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Cyber Espionage Campaign Targets Czech Republic and Taiwan

Cyber Espionage Campaign Targets Czech Republic and Taiwan

Posted on June 1, 2026 By CWS

A recent cyber espionage initiative, known as Operation Dragon Weave, has been identified targeting individuals and entities in the Czech Republic and Taiwan. The campaign aims to deploy the AdaptixC2 agent, according to Seqrite Labs.

Targeted Sectors and Methods

Operation Dragon Weave is primarily focused on several sectors, including government, research, academia, technology, and financial services. The attackers utilize spear-phishing emails with ZIP attachments to initiate an infection chain. This process involves a Rust loader to execute the final payload, facilitating data theft and remote system control.

Security researcher Priya Patel explained that the ZIP archive contains files that appear legitimate but are part of a sophisticated infection mechanism. These files are designed to run malicious payloads covertly.

Infection Chains and Execution

The attack employs two distinct pathways to deploy the malware. One method involves opening a deceptive Windows Shortcut (LNK) file within the ZIP archive, disguised as a PDF document. This action triggers a PowerShell script that extracts and executes a file named “RuntimeBroker_update.exe” from a DAT file.

Alternatively, the victim may execute a binary directly from the archive, which acts as a Rust-based dropper, launching the same executable. Both paths eventually lead to the loading of a malicious DLL, “UnityPlayer.dll,” using DLL side-loading techniques, culminating in the deployment of a Rust-based loader known as RUSTCLOAK.

Advanced Malware Capabilities

The RUSTCLOAK loader decrypts and executes the main payload, the AdaptixC2 agent, referred to as AZUREVEIL. This agent utilizes Microsoft Azure Blob Storage for its command-and-control operations, employing a dead drop approach to avoid direct communication between the attacker and the compromised system.

AZUREVEIL is capable of executing 36 different commands, enabling extensive post-compromise actions such as file management, shell command execution, and process control. Seqrite Labs notes that these capabilities provide attackers comprehensive control over affected endpoints. The campaign is attributed to a China-aligned threat group.

Simultaneously, Cato Networks reported intercepting an attack on an Indian branch of a global manufacturing company. The attack leveraged TencShell, a Go-based implant derived from rshell, further indicating a China-nexus.

Ongoing research by ESET highlights continued activity by China-aligned threat actors globally, with various tools and tactics observed. These include campaigns in France, Mongolia, and South America, utilizing different malware and tools over time. The evolving landscape emphasizes the persistent threat posed by state-sponsored cyber activities.

The Hacker News Tags:AdaptixC2, China, cyber attacks, Cybersecurity, Czech Republic, Espionage, Malware, Operation Dragon Weave, Rust loader, Taiwan

Post navigation

Previous Post: Critical Plesk Flaw Allows Command Execution on Servers
Next Post: Exploited Windows Netlogon Flaw Demands Urgent Patch

Related Posts

Armored Likho’s BusySnake Threatens Government and Energy Sectors Armored Likho’s BusySnake Threatens Government and Energy Sectors The Hacker News
Cisco Catalyst SD-WAN Flaw Exploited for Admin Access Cisco Catalyst SD-WAN Flaw Exploited for Admin Access The Hacker News
26 Malicious Apps on Apple Store Targeting Crypto Wallets 26 Malicious Apps on Apple Store Targeting Crypto Wallets The Hacker News
Security Flaw in Claude for Chrome Allows Unauthorized Access Security Flaw in Claude for Chrome Allows Unauthorized Access The Hacker News
Detecting Data Leaks Before Disaster Detecting Data Leaks Before Disaster The Hacker News
Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild Google Releases Critical Chrome Update for CVE-2025-6558 Exploit Active in the Wild The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • 7-Zip Flaw Risks Remote Code Execution for Millions
  • Hackers Sentenced for Disrupting London Transport Systems
  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark