
China-Linked Amaranth-Dragon Group Exploits WinRAR Flaw in Southeast Asia Espionage Campaigns
Tags: cyberespionage, China, APT41, Amaranth-Dragon, Southeast Asia, WinRAR, vulnerability, government, law_enforcement, Cambodia
Malicious actors linked to China, tracked under the name Amaranth-Dragon, conducted espionage campaigns targeting government agencies and law enforcement in Southeast Asia in 2025. According to Check Point Research, this group shares connections with the APT 41 ecosystem. The attacks exploit a vulnerability in WinRAR to compromise systems. The targeted countries include Cambodia. No other specific vulnerabilities, tools, or detailed impacts are mentioned.