
"Many of the campaigns were timed to coincide with sensitive local political developments, official government decisions, or regional security events,"
"By anchoring malicious activity in familiar, timely contexts, the attackers significantly increased the likelihood that targets would engage with the content."
"The Israeli firm added that the attacks were "narrowly focused" and "tightly scoped," indicating efforts on the part of the threat actors to establish long-term persistence for geopolitical intelligence collection."
"The group distributed a malicious RAR file that exploits the CVE-2025-8088 vulnerability, allowing the execution of arbitrary code and maintaining persistence on the compromised machine,"
Amaranth-Dragon, a threat cluster linked to the APT41 ecosystem, conducted targeted cyber espionage across Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines throughout 2025. The campaigns were narrowly focused and tightly scoped, and their lures were timed to coincide with sensitive local political developments, government decisions, and regional security events so that targets would be more inclined to open them. The group placed a premium on stealth, configuring its infrastructure to respond only to victims located in the intended target countries, which keeps its payloads away from scanners and sandboxes outside those regions. Attack chains exploited CVE-2025-8088, a since-patched path traversal flaw in WinRAR (fixed in WinRAR 7.13), with in-the-wild use observed roughly eight days after public disclosure: a crafted RAR archive delivered by the group executes arbitrary code when the victim extracts it and establishes long-term persistence on the compromised host for geopolitical intelligence collection. The short gap between disclosure and exploitation is the practical takeaway for defenders: unpatched WinRAR installations and RAR attachments from unsolicited senders deserve attention, and because the malicious paths in this bug class are not necessarily visible in a plain archive listing, triage should inspect archive headers rather than trust the displayed file names.
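The triage step mentioned above, as an added example that is not code from the Check Point report, The Hacker News article, or WinRAR: a small RAR5 header walker that verifies header CRCs, extracts every entry name and every NTFS alternate data stream (ADS) name carried in an "STM" service header, and flags any that would escape the extraction directory. The header layout, the extra-record format, and the convention that ADS names live in a type 0x07 service-data record and start with ':' are taken from the public RAR5 format description as understood by this example's author, not from the campaign's samples; the archive it scans is constructed inline for illustration and contains no malware, only a suspicious stream name.

```python
import struct
import zlib

RAR5_SIG = b"Rar!\x1a\x07\x01\x00"
HEAD_MAIN, HEAD_FILE, HEAD_SERVICE, HEAD_END = 1, 2, 3, 5
HFL_EXTRA, HFL_DATA = 0x01, 0x02      # header flags: extra area / data area present
FHFL_MTIME, FHFL_CRC32 = 0x02, 0x04   # file flags: mtime / data CRC32 fields present
EXTRA_SUBDATA = 0x07                  # extra record with service data (ADS name for "STM")


def read_vint(buf, pos):
    """Decode a RAR5 vint: 7 bits per byte, high bit set means more bytes follow."""
    value, shift = 0, 0
    while True:
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return value, pos


def vint(n):
    """Encode n as a RAR5 vint (used only to build the constructed sample)."""
    out = bytearray()
    while n > 0x7F:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def walk_rar5(data):
    """Yield (header_type, name, ads_name) for each file/service header; verify header CRCs."""
    if not data.startswith(RAR5_SIG):
        raise ValueError("not a RAR5 archive")
    pos = len(RAR5_SIG)
    while pos < len(data):
        (crc,) = struct.unpack_from("<I", data, pos)
        hsize, p = read_vint(data, pos + 4)
        body = data[p:p + hsize]
        if zlib.crc32(data[pos + 4:p + hsize]) != crc:   # CRC covers the size vint and the body
            raise ValueError("header CRC mismatch at offset %d" % pos)
        htype, q = read_vint(body, 0)
        hflags, q = read_vint(body, q)
        extra_size = data_size = 0
        if hflags & HFL_EXTRA:
            extra_size, q = read_vint(body, q)
        if hflags & HFL_DATA:
            data_size, q = read_vint(body, q)
        if htype == HEAD_END:
            return
        if htype in (HEAD_FILE, HEAD_SERVICE):
            fflags, q = read_vint(body, q)
            for _ in range(2):                        # unpacked size, attributes
                _, q = read_vint(body, q)
            if fflags & FHFL_MTIME:
                q += 4
            if fflags & FHFL_CRC32:
                q += 4
            for _ in range(2):                        # compression info, host OS
                _, q = read_vint(body, q)
            nlen, q = read_vint(body, q)
            name = body[q:q + nlen].decode("utf-8", "replace")
            ads, extra, ep = None, body[hsize - extra_size:], 0
            while ep < len(extra):                    # extra records: size vint, type vint, data
                rsize, tp = read_vint(extra, ep)
                rtype, dp = read_vint(extra, tp)
                if rtype == EXTRA_SUBDATA:
                    ads = extra[dp:tp + rsize].decode("utf-8", "replace")
                ep = tp + rsize
            yield htype, name, ads
        pos = p + hsize + data_size                   # skip packed data, move to next header


def is_unsafe_path(p):
    """True if an entry or stream name could resolve outside the extraction directory."""
    p = p.replace("\\", "/")
    if p.startswith("/") or (len(p) > 1 and p[1] == ":"):   # absolute or drive-letter path
        return True
    return ".." in p.split("/")


def scan(data):
    """Return [(kind, name)] for every entry name or STM stream name that traverses."""
    findings = []
    for htype, name, ads in walk_rar5(data):
        if is_unsafe_path(name):
            findings.append(("entry", name))
        # ADS names ride in "STM" service headers and start with ':'; an unsanitized
        # stream name is the bug class behind CVE-2025-8088, so check it like a path.
        if htype == HEAD_SERVICE and name == "STM" and ads and is_unsafe_path(ads.lstrip(":")):
            findings.append(("ads", ads))
    return findings


def build_header(htype, spec, extra=b"", payload=b""):
    """Assemble one RAR5 header (CRC32 + size vint + body) for the constructed sample."""
    hflags = (HFL_EXTRA if extra else 0) | (HFL_DATA if payload else 0)
    body = vint(htype) + vint(hflags)
    body += vint(len(extra)) if extra else b""
    body += vint(len(payload)) if payload else b""
    body += spec + extra
    size = vint(len(body))
    return struct.pack("<I", zlib.crc32(size + body)) + size + body + payload


def file_spec(name, payload):
    """File/service fields with no mtime or CRC: flags, unpacked size, attrs, method, OS, name."""
    raw = name.encode()
    return vint(0) + vint(len(payload)) + vint(0) + vint(0) + vint(0) + vint(len(raw)) + raw


# Constructed sample (not a real campaign artefact): a harmless-looking document
# followed by an ADS whose name climbs into a per-user Startup folder.
SAMPLE_ADS = ":..\\..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\update.lnk"


def sample_archive():
    sub = vint(EXTRA_SUBDATA) + SAMPLE_ADS.encode()
    return (RAR5_SIG
            + build_header(HEAD_MAIN, vint(0))
            + build_header(HEAD_FILE, file_spec("briefing.docx", b"lure"), payload=b"lure")
            + build_header(HEAD_SERVICE, file_spec("STM", b"x"), extra=vint(len(sub)) + sub, payload=b"x")
            + build_header(HEAD_END, vint(0)))


if __name__ == "__main__":
    for kind, name in scan(sample_archive()):
        print("SUSPICIOUS %s: %s" % (kind, name))
```

The point of parsing the headers directly is that a plain listing shows only "briefing.docx"; the Startup-folder path sits in the service header's extra area and is only visible to something that walks the structure. Running this over a real sample should be done on a copy in an isolated environment, and a hit on the "ads" kind is a strong reason to quarantine the file and check WinRAR versions on any host that has already opened it.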
Read at The Hacker News