HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

China‑Aligned Espionage Group Launches Operation Dragon Weave, Targeting Czech & Taiwanese Government, Academia, Tech & Finance via Spear‑Phishing

Operation Dragon Weave, a China‑aligned espionage campaign, is delivering the AdaptixC2 back‑door to government, research, technology, and financial entities in the Czech Republic and Taiwan through malicious ZIP attachments. The threat underscores the need for robust email defenses and third‑party risk controls.

LiveThreat™ Intelligence · 📅 June 02, 2026· 📰 thehackernews.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
thehackernews.com

China‑Aligned Espionage Group Launches Operation Dragon Weave, Targeting Czech & Taiwanese Government, Academia, Tech & Finance via Spear‑Phishing

What Happened — A new cyber‑espionage campaign, dubbed Operation Dragon Weave, has been observed delivering the AdaptixC2 back‑door to victims in the Czech Republic and Taiwan. The campaign is attributed to China‑aligned threat actors and uses spear‑phishing emails with malicious ZIP attachments.

Why It Matters for TPRM

  • Espionage actors often leverage third‑party vendors and supply‑chain relationships to reach high‑value targets.
  • Spear‑phishing remains a primary initial‑access technique, exposing any organization that processes email from external sources.
  • Compromise of government, research, technology, or financial entities can lead to intellectual‑property theft, regulatory penalties, and downstream risk to partners.

Who Is Affected — Government agencies, research institutions, universities, technology firms, and financial services organizations in the Czech Republic and Taiwan (and any subsidiaries or partners they engage with globally).

Recommended Actions

  • Review email security controls for all vendors and subsidiaries, including attachment sandboxing and URL rewriting.
  • Validate that third‑party partners enforce multi‑factor authentication and least‑privilege access to sensitive systems.
  • Conduct threat‑intel sharing with affected sectors and update incident‑response playbooks for C2‑based malware.

Technical Notes — The initial vector is spear‑phishing with ZIP files that, when opened, drop the AdaptixC2 agent—a custom command‑and‑control framework. No specific CVEs are cited; the threat relies on user interaction rather than software vulnerabilities. Data at risk includes credentials, internal communications, and proprietary research. Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/06/china-aligned-groups-ramp-up-attacks.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →