Tag

Amaranth Dragon

All articles tagged with #amaranth dragon

China-linked Amaranth-Dragon Uses WinRAR Flaw for Southeast Asia Espionage
technology, 21 days ago

China-linked Amaranth-Dragon has run tightly targeted cyber-espionage campaigns against Southeast Asian government and law-enforcement agencies in 2025, exploiting the WinRAR flaw CVE-2025-8088 through spear-phishing archives hosted on cloud platforms to deploy Amaranth Loader and the Havoc C2 framework. The activity shows ties to APT41, with country-specific infrastructure and anti-analysis techniques, and is complemented by a separate Mustang Panda PlugX Diplomacy operation that uses LOLBins and is staged with diplomatic and election-themed lures.

Amaranth-Dragon weaponizes WinRAR flaw for Southeast Asian espionage campaigns
security, 21 days ago

Check Point Research ties Amaranth-Dragon to APT41, detailing 2025 campaigns across Southeast Asia that targeted government and law-enforcement entities and exploited the WinRAR flaw CVE-2025-8088 to drop and execute malicious payloads via weaponized archives. The operations use the Amaranth Loader to load Havoc C2 and, later, the TGAmaranth RAT with a Telegram-based C2, along with geo-restricted infrastructure and anti-EDR techniques. The attacks show rapid exploitation of new vulnerabilities and underscore the importance of patching, defenses against phishing and weaponized archives, and defense-in-depth for regional governments and critical services.