Check Point Research has identified two cyberattacks targeting Qatari entities by China-nexus threat actors in the immediate aftermath of US-Israeli strikes on Iran. The group Camaro Dragon deployed a PlugX malware variant using conflict-related lures disguised as photos of attacks on US bases in Bahrain, loading it through DLL hijacking of a Baidu NetDisk binary. A separate campaign used a Rust-based loader and Cobalt Strike delivered via a password-protected archive with an oil-and-gas-themed filename, abusing nvdaHelperRemote.dll from the NVDA screen reader. Both attacks used AI-generated lures impersonating the Israeli government. The incidents demonstrate how rapidly China-nexus espionage actors can pivot targeting priorities in response to geopolitical events, with Qatar's strategic position at the intersection of regional powers making it a high-value intelligence target.