Amaranth-Dragon weaponizes WinRAR flaw for Southeast Asian espionage campaigns

TL;DR Summary
Check Point Research ties Amaranth-Dragon to APT-41 and details 2025 campaigns across Southeast Asia against government and law-enforcement entities. The campaigns exploited the WinRAR flaw CVE-2025-8088 through weaponized archives to drop and execute malicious payloads. The operators used the Amaranth Loader to deliver Havoc C2 and, later, the TGAmaranth RAT, which relies on a Telegram-based C2 and geo-restricted infrastructure and employs anti-EDR techniques. The attacks show how quickly newly disclosed vulnerabilities are exploited and underline the need for prompt patching, vigilance against phishing and weaponized archives, and defense-in-depth for regional governments and critical services.
- Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia (Check Point Software)
- China-Linked Amaranth-Dragon Exploits WinRAR Flaw in Espionage Campaigns (The Hacker News)
- New Amaranth Dragon cyberespionage group exploits WinRAR flaw (BleepingComputer)
- Everyone’s exploiting a WinRAR bug to drop RATs (theregister.com)
- New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability (Infosecurity Magazine)