Spearphishing Campaign Deploys AZUREVEIL C2 Agent Targeting Czech Republic and Taiwan
Severity: High (Score: 72.5)
Sources: Gbhackers, Cybersecuritynews
Keywords: spearphishing, hackers, azureveil, agent, campaign, deploy, adaptix
Severity indicators: apt
Summary
A spearphishing campaign has been identified deploying the AZUREVEIL Adaptix C2 agent, targeting government officials, researchers, and technology workers in the Czech Republic and Taiwan. The campaign, attributed to a China-linked threat actor, began with the delivery of malicious ZIP archives disguised as official documents. The earliest known sample was traced back to Taiwan in March 2026, indicating a multi-stage attack chain. The operation is named Operation Dragon Weave and is part of a broader trend of state-sponsored cyber activities. The attack's sophistication and targeted nature raise significant concerns for national security and data integrity in the affected regions.
Key Points:
- AZUREVEIL is a sophisticated Adaptix-based C2 agent deployed via spearphishing.
- The campaign targets government and enterprise sectors in the Czech Republic and Taiwan.
- It is linked to a China-based threat actor and began with malicious ZIP files in March 2026.
Detailed Analysis
**Impact** Government officials, researchers, and technology workers in the Czech Republic and Taiwan are targeted. The campaign affects both government and enterprise sectors, with potential compromise of sensitive official documents and operational disruption. The scope includes multiple organizations in two countries, with data at risk likely including confidential government and research information.
**Technical Details** The attack uses spearphishing emails delivering malicious ZIP archives containing files disguised as official documents, including shortcut files. The malware deployed is AZUREVEIL, an Adaptix-based command-and-control (C2) agent, involved in a multi-stage attack chain. The campaign, named Operation Dragon Weave, is attributed to a China-linked threat actor, with the earliest sample observed in Taiwan in March 2026. No CVEs or specific infrastructure details were provided.
**Recommended Response** Defenders should prioritize blocking spearphishing emails containing ZIP attachments and monitor for shortcut files (.lnk) used as malware droppers. Deploy detections for Adaptix-based C2 communications and monitor network traffic for AZUREVEIL-related indicators. Apply email filtering and user awareness training focused on spearphishing. No patching guidance is available from the current data.
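One way to act on the ZIP and shortcut-file recommendation at a mail gateway or triage step, as an added example that does not come from the source articles: it flags archive members that carry a `.lnk` extension, imitate a document name, or begin with the Shell Link header defined in MS-SHLLINK. The file names, the `DOC_EXTS` list and the reason labels are assumptions made for illustration, and the sample archive is constructed.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Shell Link header (MS-SHLLINK): HeaderSize 0x0000004C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
# Assumed list of document extensions a lure might imitate; adjust to local policy.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf"}


def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Map each suspicious archive member to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            reasons = []
            if suffixes[-1:] == [".lnk"]:
                reasons.append("lnk-extension")
                # Explorer hides ".lnk", so "notice.pdf.lnk" is shown as "notice.pdf".
                if suffixes[-2:-1] and suffixes[-2] in DOC_EXTS:
                    reasons.append("document-lookalike-name")
            if info.flag_bits & 0x1:
                # Encrypted member: content cannot be inspected without the password.
                reasons.append("encrypted-uninspected")
            else:
                with zf.open(info) as fh:
                    if fh.read(len(LNK_MAGIC)) == LNK_MAGIC:
                        reasons.append("lnk-header")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample() -> bytes:
    """Constructed archive: a benign file, a disguised shortcut, a renamed shortcut."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("Official_Notice.pdf.lnk", LNK_MAGIC + b"\x00" * 56)
        zf.writestr("docs/annex.dat", LNK_MAGIC + b"\x00" * 56)
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample()).items():
        print(f"{member}: {', '.join(why)}")
```

The header check catches shortcuts stored under another extension, which an extension-only filter would miss.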
Source articles (2)
- Hackers Use Spearphishing to Deploy AZUREVEIL Adaptix C2 Agent — Gbhackers · 2026-06-02
Hackers are actively deploying a sophisticated malware framework dubbed AZUREVEIL, an Adaptix-based command-and-control (C2) agent, through a targeted spearphishing campaign aimed at government and en…
- Hackers Deploy AZUREVEIL Adaptix C2 Agent via Spearphishing Campaign — Cybersecuritynews · 2026-06-02
A newly identified spearphishing campaign has been quietly targeting government officials, researchers, and technology workers in the Czech Republic and Taiwan. Threat researchers traced the operation…
Timeline
- 2026-03-01 — Earliest known AZUREVEIL sample identified: Threat researchers traced the first sample of AZUREVEIL to Taiwan, marking the start of the campaign.
- 2026-06-02 — Spearphishing campaign reported: Gbhackers reported on the ongoing spearphishing campaign targeting government and enterprise sectors in the Czech Republic and Taiwan.
Related entities
- Malware (Attack Type)
- Phishing (Attack Type)
- Operation Dragon Weave (Campaign)
- Czech Republic (Country)
- Taiwan (Country)
- Government (Industry)
- Technology (Industry)
- Azureveil (Malware)
- T1566.001 - Spearphishing Attachment (Mitre Attack)
- T1566 - Phishing (Mitre Attack)