Operation Dragon Weave: Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2

    Date: 06/08/2026

    Severity: High

    Summary

    Operation Dragon Weave is a suspected China-linked cyberespionage campaign targeting government officials and citizens in the Czech Republic and Taiwan through spearphishing emails containing malicious ZIP attachments. The attack uses a multi-stage infection chain and abuses Microsoft Azure Blob Storage as command-and-control infrastructure to blend malicious activity with legitimate cloud traffic. The campaign deploys the Adaptix remote access agent for data exfiltration and remote control while leveraging multi-layer encryption and stealth techniques to evade detection and maintain persistent access.

    Indicators of Compromise (IOC) List

    Domains/URLs

    note1ggbbhggdwa1.blob.core.windows.net

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    domainname like "note1ggbbhggdwa1.blob.core.windows.net" or siteurl like "note1ggbbhggdwa1.blob.core.windows.net" or url like "note1ggbbhggdwa1.blob.core.windows.net"

    Detection Query 2:

    sha256hash IN ("096372d19b4787e989f44e04c5ecc29885aa927c34ae8666628d6c0eb20bb447","1c56228cbd1bdebb9e5ea55c2749150fee06c865ede4a3754e8bd6843e51d2d4","61f7d9cd2d8ce7df950639b23ce90085b300b0c6dd0d8d934bba8fdecb670f15","823d5969db3f3b72ebbdce1b78752717ea849884a0fb40d86146416c38e128de","24aa4e780ccd66cef13da9ef98c32954105cf2a32ec643efab0ba1aa2d6352f4","080ab9bc2893ba7bad354551604a667af40ed2ae2d042d2323c2bd9ad3122192","5ed14c2b7f7433a1a72dd6b668413f935a217ba10b69d89b774a82990fa12fe1","a4e9f9919d62589b57cfa08c9ccb89e386b09f683271373413cd8e8c8c7d1c5a","02542a49b3bd6bd2795afb67840acb4557b17e017f7503dd03ebe3aeeb28720e","8ae7c82a3e4f742777e590b25a1c563d19bd9bcba2a387d004aae72c4b2828f9","047687548605734348792e2a9d771b6cba42facd0d0d7d44d778290a25848574","783661d0f7edb338d2d50be087764d82dbbc9ee7989ddc57db1801e4ec9045b0")
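
The hostname check from Detection Query 1, applied offline to exported proxy or DNS records, as an added example that is not part of the original advisory or of Gurucul's product. The field names mirror the query; the record layout and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Storage account hostname from the advisory's IOC list.
IOC_HOST = "note1ggbbhggdwa1.blob.core.windows.net"
# Field names taken from Detection Query 1; the record layout is an assumption.
FIELDS = ("domainname", "siteurl", "url")
_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def extract_host(value):
    """Return the normalised hostname of a bare host or URL, or None."""
    value = (value or "").strip()
    if not value:
        return None
    if not _SCHEME.match(value) and not value.startswith("//"):
        value = "//" + value  # urlsplit needs '//' to recognise a host
    try:
        host = urlsplit(value).hostname  # lower-cased, port and userinfo removed
    except ValueError:  # malformed bracketed host in the log line
        return None
    return host.rstrip(".") if host else None


def match_record(record):
    """List the fields whose hostname is exactly the IOC storage account."""
    return [f for f in FIELDS if extract_host(record.get(f)) == IOC_HOST]


def scan(records):
    """Return (index, matched_fields) for every record that hits the IOC."""
    hits = []
    for i, rec in enumerate(records):
        fields = match_record(rec)
        if fields:
            hits.append((i, fields))
    return hits


SAMPLE_RECORDS = [  # constructed records, not real telemetry
    {"url": "https://NOTE1GGBBHGGDWA1.blob.core.windows.net:443/c/data?x=1"},
    {"domainname": "note1ggbbhggdwa1.blob.core.windows.net."},
    {"url": "https://otheraccount.blob.core.windows.net/files/a.zip"},
    {"siteurl": "https://note1ggbbhggdwa1.blob.core.windows.net.example.test/"},
    {"url": "https://intel.example.test/?q=note1ggbbhggdwa1.blob.core.windows.net"},
]

if __name__ == "__main__":
    for index, fields in scan(SAMPLE_RECORDS):
        print(index, fields)
```

Other storage accounts under blob.core.windows.net and URLs that only mention the hostname in a query string are not reported, which keeps the match scoped to the one account the advisory lists.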

    Reference:    

    https://www.seqrite.com/blog/operation-dragon-weave-uncovering-a-china-linked-campaign-targeting-czech-republic-and-taiwan-using-azure-cloud-c2/                        


    Tags

    Threat Actor, China, Cyber Espionage, Government Services and Facilities, Taiwan, Spear Phishing, Phishing, Microsoft, AdaptixC2, Exfiltration
