Throughout 2025, a new wave of cyberespionage campaigns targeting government and law enforcement agencies across Southeast Asia has been linked to threat actors associated with China. The Israeli company that reported the activity went on to say that the attacks were "tightly scoped" and "narrowly focused," suggesting that the threat actors were working to establish long-term persistence for the purpose of gathering geopolitical intelligence.

The most noteworthy feature of the threat actors' tradecraft is their high level of stealth: to limit exposure, the campaigns are "highly controlled," and the attack infrastructure is configured so that it communicates only with victims in specific target countries.

Attack chains deployed by the adversary have been found to exploit CVE-2025-8088, a since-patched path traversal vulnerability in the Windows version of RARLAB WinRAR that lets a specially crafted archive write files outside the chosen extraction folder and thereby achieve arbitrary code execution when a target opens it. The exploitation was observed roughly eight days after the vulnerability was publicly disclosed in August.
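As an added illustration (not code from the page's source, the reporting vendor, or RARLAB), the following Python screens archive entry names for the kind of path-traversal and NTFS alternate-data-stream naming that turns an extraction into a write outside the chosen folder, including into the user's Startup folder. It assumes the entry names have already been obtained from an archive listing with some other tool, uses a hypothetical extraction directory, and runs over constructed sample names; it does not parse RAR files itself.

```python
"""Screen archive entry names for extraction-path abuse.

Added example, not code from the reporting vendor or from RARLAB. It assumes
the caller has already listed the entry names of an archive with some other
tool; it does not parse RAR files itself. All sample names are constructed.
"""
import ntpath

EXTRACT_DIR = r"C:\Users\alice\Downloads\out"     # assumed extraction target
STARTUP_MARKER = r"\start menu\programs\startup"  # per-user autorun folder

# Constructed sample listing: two benign entries and three abusive ones.
SAMPLE_ENTRIES = [
    r"Policy_Summary.pdf",
    r"attachments\notes.docx",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk",
    r"Policy_Summary.pdf:..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runner.lnk",
    r"C:\Windows\Temp\x.dll",
]


def split_ads(name):
    """Split 'file:stream' (NTFS alternate data stream syntax) into
    (file, stream). A leading drive letter 'C:' is not a stream separator.
    Returns (name, None) when there is no stream part."""
    idx = name.find(":")
    if idx == 1 and name[0].isalpha():   # 'C:\...' drive prefix; look past it
        idx = name.find(":", 2)
    if idx == -1:
        return name, None
    return name[:idx], name[idx + 1:]


def is_under(target, extract_dir):
    """True if target (already normalised) is extract_dir or inside it."""
    base = ntpath.normpath(extract_dir).lower()
    tgt = target.lower()
    return tgt == base or tgt.startswith(base + "\\")


def screen_entry(name, extract_dir=EXTRACT_DIR):
    """Return a list of finding tags for one entry; an empty list means the
    name resolves to a regular file inside extract_dir."""
    findings = []
    file_part, stream_part = split_ads(name)
    if stream_part is not None:
        findings.append("ads-name")
    # The stream part is treated as a path relative to extract_dir, which is
    # a conservative way to model an extractor that honours it as a path.
    for part in (file_part, stream_part):
        if part is None:
            continue
        normalised = part.replace("/", "\\")
        if ntpath.isabs(normalised) or ntpath.splitdrive(normalised)[0]:
            findings.append("absolute-path")
        if ".." in normalised.split("\\"):
            findings.append("dot-dot")
        target = ntpath.normpath(ntpath.join(extract_dir, normalised))
        if not is_under(target, extract_dir):
            findings.append("escapes-extract-dir")
        if STARTUP_MARKER in target.lower():
            findings.append("writes-startup-folder")
    return findings


def suspicious_entries(entries, extract_dir=EXTRACT_DIR):
    """Map each flagged entry name to its findings, skipping clean ones."""
    report = {}
    for name in entries:
        findings = screen_entry(name, extract_dir)
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for name, findings in suspicious_entries(SAMPLE_ENTRIES).items():
        print(f"{name!r}: {', '.join(findings)}")
```

The check is deliberately name-based: it resolves where each entry (and any stream name attached to it) would land relative to the extraction directory rather than trusting the archive, so it flags `..` traversal, absolute and drive-rooted paths, and anything that lands in a Startup folder, all of which a patched extractor should refuse.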

Taken together, these operational and technical similarities strongly suggest that Amaranth-Dragon is either part of, or closely associated with, the APT41 ecosystem, continuing long-standing patterns of tool development and regional targeting.

### Mustang Panda's New Campaign Features a PlugX Variant

The disclosure coincides with a campaign by another Chinese nation-state group, Mustang Panda, that targeted officials engaged in diplomacy, elections, and international coordination across several regions between December 2025 and mid-January 2026. The campaign, described by Tel Aviv-based cybersecurity firm Dream Research Labs, has been named PlugX Diplomacy.

According to the company, "the operation relied on impersonation and trust rather than exploiting software vulnerabilities. Victims were tricked into opening files that looked like diplomatic summaries or policy documents with ties to the United States."

The compromise could be initiated simply by opening the file. The documents open the door for the hacking group to deploy a modified version of PlugX, a well-known piece of malware, to covertly collect data and maintain ongoing access to compromised hosts.