New Operation Dragon Whistle Phishing Campaign Targets Universities
ID: 2d95cbb3-4a63-5ba7-97b0-40dd276187ff
STIX ID: report--2d95cbb3-4a63-5ba7-97b0-40dd276187ff
Feed Name: securityonline.info
Operation Dragon Whistle is a sophisticated, targeted phishing campaign against Chinese academic institutions that uses weaponized archives and living-off-the-land techniques. Emails deliver a double-extension LNK that leads to a VBScript, which shows a decoy PDF while launching a malicious chain. The chain side-loads a trojanized DLL into a legitimate Bandizip binary, performs anti-analysis checks, disables Windows security telemetry (AMSI/ETW), and drops an in-memory Cobalt Strike beacon that contacts infrastructure resolving to lysander.asia. The activity is attributed to UNG0002.
