Unveiling Swan Vector APT Targeting Taiwan and Japan with varied DLL Implants
ID: 96e8ced5-03b8-5d14-992a-95006f2cff62
STIX ID: report--96e8ced5-03b8-5d14-992a-95006f2cff62
Feed Name: Seqrite Blog
### Executive summary

Seqrite Labs describes the 'Swan Vector' campaign, which targets educational institutes and mechanical engineering organizations in Taiwan and Japan using a four-stage chain: a malicious LNK launches a Pterois DLL downloader (abusing Google Drive OAuth as C2), which fetches a sideloaded Isurus DLL that decrypts and executes Cobalt Strike shellcode. The report includes detailed technical analysis, extracted beacon configs, Google Drive-hosted artifacts and IOCs, and attributes the activity to an East Asian actor with medium confidence.
