Operation Dragon Weave Exposed: Cyber Espionage Campaign Weaponizes Cloud Storage
ID: bf789497-e0a9-5740-9152-9a9a77d1c290
STIX ID: report--bf789497-e0a9-5740-9152-9a9a77d1c290
Feed Name: securityonline.info
Operation Dragon Weave is a targeted international cyber-espionage campaign observed by Seqrite. It uses phishing lures to deliver a multi-path infection chain (a shortcut-based path and a Rust dropper) that converges on RuntimeBroker_update.exe and a RUSTCLOAK loader. The loader performs triple-layer decryption and injects a memory-resident remote control agent named AZUREVEIL, which uses Microsoft Azure Blob Storage as a dead-drop C2. The campaign employs advanced sandbox evasion, DLL sideloading, Windows fibers and extensive post-exploitation capabilities, with apparent China-linked attribution.
