At least one organization in Southeast Asia
October 1, 2025
[espionage, APT activity, vulnerability exploitation]
BleepingComputer summarized Check Point research on a newly tracked actor, Amaranth Dragon, linked to China-aligned APT activity. The actor exploited WinRAR CVE-2025-8088 in espionage operations against government and law enforcement entities in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines. It used geofenced infrastructure and a custom loader to deliver encrypted payloads (including Havoc and a newer TGAmaranth RAT that uses Telegram for C2). Because the article is campaign/threat-research reporting without a discrete, named victim event record and bounded impacts, event_type and event_subtype are coded as NA for CED incident purposes.