TWO attacks on Qatari entities signal a shift in focus for China-backed actors, as Chinese Nexus groups pivot in response to geopolitical events, according to Check Point Research. The threat actor Camaro Dragon aimed to deploy a variant of PlugX malware against various Qatari targets using lures tied to the conflict within one day of the launch of the so-called Operation Epic Fury offensive. A separate Qatari-targeted intrusion sought to deploy the penetration testing tool Cobalt Strike via DLL hijacking.
Check Point notes that these intrusions show how quickly China-nexus espionage actors can pivot their targeting priorities, with the Iran-focused crisis providing timely opportunities. Elizabeth Montalbano, Contributing Writer, reports this analysis in Dark Reading on 11 March 2026.