{"id":261029,"date":"2026-06-01T07:54:00","date_gmt":"2026-06-01T11:54:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/01\/china-aligned-groups-ramp-up-attacks-dragon-weave-hits-czech-republic-taiwan\/"},"modified":"2026-06-01T09:50:08","modified_gmt":"2026-06-01T13:50:08","slug":"china-aligned-groups-ramp-up-attacks-dragon-weave-hits-czech-republic-taiwan","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/01\/china-aligned-groups-ramp-up-attacks-dragon-weave-hits-czech-republic-taiwan\/","title":{"rendered":"China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic &#038; Taiwan"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-aligned-groups-ramp-up-attacks.html\">China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic &#038; Taiwan<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-aligned-groups-ramp-up-attacks.html\">https:\/\/thehackernews.com\/2026\/06\/china-aligned-groups-ramp-up-attacks.html<\/a><\/p>\n<p>Publish Date: 2026-06-01 07:54:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent.<\/p>\n<p>According to Seqrite Labs, targets of the campaign include government, research, academic, technology, and financial services sectors. 
The activity entails distributing spear-phishing emails containing ZIP attachments to trigger an infection chain that uses a Rust loader to drop the final payload for data exfiltration and remote control.<\/p>\n<p>&#8220;When extracted, the archive contains multiple files that appear legitimate but are actually part of a structured infection chain designed to execute malicious payloads in the background,&#8221; security researcher Priya Patel said.<\/p>\n<p>The attack chain uses two different pathways to launch the final-stage malware. One infection sequence begins when the recipient of the ZIP archive opens a malicious Windows Shortcut (LNK) file that masquerades as a PDF document. This leads to the execution of a PowerShell script that&#8217;s responsible for extracting an executable (&#8220;RuntimeBroker_update.exe&#8221;) from an intermediate DAT file and running it.<\/p>\n<p>In the second attack chain, the victim directly launches a binary from the same archive. The binary functions as a self-contained Rust-based dropper to launch &#8220;RuntimeBroker_update.exe.&#8221; Regardless of the path chosen, the executable loads a malicious DLL (&#8220;UnityPlayer.dll&#8221;) via DLL side-loading, resulting in the deployment of a Rust-based loader called RUSTCLOAK.<\/p>\n<p>The loader then decrypts and runs the main payload, an AdaptixC2 agent codenamed AZUREVEIL owing to the use of Microsoft Azure Blob Storage for command-and-control (C2). The loader is designed to perform anti-analysis checks to proceed only if the malware determines that it&#8217;s being run within a sandboxed environment.<\/p>\n<p>&#8220;The malware just talks to Azure Blob Storage, the same service used by thousands of legitimate enterprises worldwide,&#8221; Seqrite Labs said. 
&#8220;Instead of&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/06\/china-aligned-groups-ramp-up-attacks.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic &#038; Taiwan https:\/\/thehackernews.com\/2026\/06\/china-aligned-groups-ramp-up-attacks.html Publish Date:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":261030,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhUhiw46hdnhoY05E-0EyhOX5AxQrqJeNM0WDEWiYHAi5pPt4kIFPbvqGZhyAK4NxlAF7KJKxPfWlbGLbZUJJD9PgGmazvyhzaSgBXokM_6eYQfWXQ1HDv2heSDTnps4EGhjKqwCbuQOl0d9QN25tmn85xLujp-htCwLhhywI4A6BKJxkOOKb9FSu02AMjX\/s1600\/china.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[32,25],"class_list":["post-261029","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/261029"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=261029"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/261029\/revisions"}],"predecessor-version":[{"id":261031,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/261029\/revisions\/261031"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/261030"}],"wp:attachment":[{"href":"https:\/\/news-you
-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=261029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=261029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=261029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}