Security researchers from Seqrite Labs have unveiled a sophisticated phishing campaign, Operation Dragon Whistle, targeting academic institutions in China, with a particular focus on Changzhou University. The attackers use social engineering, sending emails that resemble official announcements about mandatory fitness tests to encourage compliance. These emails contain malicious attachments that exploit Windows components to execute harmful payloads without detection.
Key tactics include living-off-the-land strategies, where legitimate software is weaponized to facilitate the attack, and advanced evasion techniques that disable security tools. The final payload connects back to a command-and-control server linked to the threat actor UNG0002. This campaign underlines the need for vigilance among educational networks against targeted digital threats.