Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Within one day of the US-Israeli "Operation Epic Fury" strikes against Iran, Camaro Dragon targeted Qatari entities with conflict-themed lures delivering a PlugX variant via DLL hijacking of a legitimate Baidu NetDisk binary. A separate China-nexus campaign deployed Cobalt Strike through a novel Rust-based loader that uses DLL hijacking of nvdaHelperRemote.dll, a component of the NVDA screen reader previously seen in only a handful of China-nexus operations. Both attacks used AI-generated lures impersonating regional governments to blend into fast-moving crisis communications. The pivot reflects both opportunistic intelligence collection and a broader shift in collection priorities toward Qatar's position at the intersection of competing global powers. Defenders should treat the Iran conflict as an active geopolitical lure theme, reinforce EDR coverage and MFA, and review Check Point's published IoCs for both campaigns.