Seqrite Uncovers Operation CamelClone: Multi-Region Espionage Campaign Targeting Government and Defense Amidst Geopolitical Tensions

Seqrite, the enterprise security arm of Quick Heal Technologies Limited, a global provider of cybersecurity solutions, has uncovered Operation CamelClone, an active, multi-region cyber espionage campaign targeting government, defense, diplomatic, and strategic energy organisations across Algeria, Mongolia, Ukraine, and Kuwait.

Tracked by the APT research team at Seqrite Labs, India’s largest malware analysis facility, Operation CamelClone uses precision-crafted spear-phishing lures impersonating real ministries and armed forces to deliver a stealthy infection chain that exfiltrates sensitive documents, including procurement plans, policy drafts, and Telegram session data, to anonymous cloud storage accounts, leaving virtually no trace in standard network logs.

The campaign begins with ZIP archives sent via spear-phishing emails, bundling a malicious Windows shortcut (.lnk) file with convincing decoy content, such as “Weapons requirements for the Kuwait Air Force” or “Algerian Ukrainian proposals for cooperation.” When opened, the shortcut silently triggers PowerShell commands that download a JavaScript loader, tracked as ...