China is conducting a dual-method cyberattack targeting high-value organizations in the Czech Republic and Taiwan through a sophisticated spear-phishing campaign dubbed 'Operation Dragon Weave.' The campaign delivers a zip file containing an executable and a decoy PDF, presented as legitimate business-appointment material.
The malware involved includes variants like Rustcloak and Azureveil, which utilize Microsoft Azure for command-and-control operations, enhancing stealth and efficiency in data exfiltration. Security experts advise organizations to focus on anti-phishing training, implement effective security measures, and monitor for anomalous activities to combat such threats.
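As an added example (not taken from the campaign reporting), the sketch below shows how a mail gateway or triage script could flag the delivery pattern described above: a zip attachment that pairs an executable with a PDF. The function names, file names, verdict labels and sample archives are all constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions treated as directly runnable on Windows (assumed policy list).
EXEC_EXTS = {".exe", ".scr", ".com", ".dll", ".lnk", ".bat", ".cmd", ".js", ".vbs", ".hta"}
DOC_EXTS = {".pdf", ".doc", ".docx"}

def triage_archive(data):
    """Inspect a zip attachment and return its executables, PDFs and a verdict."""
    executables, pdfs, disguised = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(5)  # enough for the "MZ" and "%PDF-" magic bytes
            stem, ext = posixpath.splitext(info.filename.lower())
            inner_ext = posixpath.splitext(stem)[1]
            is_pe = head[:2] == b"MZ"
            if is_pe or ext in EXEC_EXTS:
                executables.append(info.filename)
                # PE content under a non-executable name, or a double
                # extension such as "name.pdf.exe", is a disguise signal.
                if (is_pe and ext not in EXEC_EXTS) or inner_ext in DOC_EXTS:
                    disguised.append(info.filename)
            elif head == b"%PDF-" or ext == ".pdf":
                pdfs.append(info.filename)
    if executables and pdfs:
        verdict = "quarantine"  # executable plus decoy document in one archive
    elif executables:
        verdict = "review"
    else:
        verdict = "pass"
    return {"executables": executables, "pdfs": pdfs,
            "disguised": disguised, "verdict": verdict}

def build_sample(members):
    """Build an in-memory zip from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder bytes carrying only the magic numbers.
LURE = build_sample({"Appointment.pdf.exe": b"MZ\x90\x00constructed",
                     "Agenda.pdf": b"%PDF-1.7 constructed"})
BENIGN = build_sample({"Agenda.pdf": b"%PDF-1.7 constructed"})

if __name__ == "__main__":
    print(triage_archive(LURE))
    print(triage_archive(BENIGN))
```

Password-protected archives cannot be opened this way and should be routed to manual review rather than passed.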