China‑Aligned Espionage Group Launches Operation Dragon Weave, Targeting Czech & Taiwanese Government, Academia, Tech & Finance via Spear‑Phishing
What Happened — A new cyber‑espionage campaign, dubbed Operation Dragon Weave, has been observed delivering the AdaptixC2 back‑door to victims in the Czech Republic and Taiwan. The campaign is attributed to China‑aligned threat actors and uses spear‑phishing emails with malicious ZIP attachments.
Why It Matters for TPRM —
- Espionage actors often leverage third‑party vendors and supply‑chain relationships to reach high‑value targets.
- Spear‑phishing remains a primary initial‑access technique, exposing any organization that processes email from external sources.
- Compromise of government, research, technology, or financial entities can lead to intellectual‑property theft, regulatory penalties, and downstream risk to partners.
Who Is Affected — Government agencies, research institutions, universities, technology firms, and financial services organizations in the Czech Republic and Taiwan (and any subsidiaries or partners they engage with globally).
Recommended Actions —
- Review email security controls for all vendors and subsidiaries, including attachment sandboxing and URL rewriting.
- Validate that third‑party partners enforce multi‑factor authentication and least‑privilege access to sensitive systems.
- Conduct threat‑intel sharing with affected sectors and update incident‑response playbooks for C2‑based malware.
Technical Notes — The initial vector is spear‑phishing with ZIP files that, when opened, drop the AdaptixC2 agent—a custom command‑and‑control framework. No specific CVEs are cited; the threat relies on user interaction rather than software vulnerabilities. Data at risk includes credentials, internal communications, and proprietary research. Source: The Hacker News