SECURITY researchers from the Seqrite APT Team have identified a highly targeted cyber espionage campaign named Operation Dragon Weave, which affects public institutions in the Czech Republic and Taiwan. The campaign employs deceptive phishing techniques, using malicious compressed archives that lead to two main infection paths: Path A, where users inadvertently execute a shortcut file, and Path B, where a Rust-based dropper performs the extraction.
Both paths ultimately execute a malicious file, RuntimeBroker_update.exe, which uses DLL sideloading for further malicious actions. The malware, known as AZUREVEIL, operates via a unique dead-drop command and control (C2) channel within legitimate cloud infrastructure, complicating detection. The campaign exhibits sophisticated capabilities, allowing threat actors to manipulate system processes and exfiltrate data seamlessly.
Attribution points to advanced threat groups from East Asia, highlighting the need for enhanced network defenses against such advanced persistent threats.