
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in Southeast Asia

Published 04/02/2026 15:57 · Modified 04/02/2026 20:51


Essential information

Tags
2026-02-04, CVE-2025-8088, amaranth loader, apt-41, espionage, government, havoc c2, havoc c2 framework, southeast asia, telegram rat, tgamaranth rat, winrar
Related entities
1 vulnerability (CVE), 55 observables, 1 intrusion set (APT), 13 techniques (MITRE), 3 malware, 18 others

Description

A Chinese threat actor, Amaranth-Dragon, has been conducting highly targeted cyber campaigns against and law enforcement agencies in throughout 2025. The group swiftly exploited the vulnerability in to deliver malicious payloads, including a custom loader and the . Their operations demonstrate sophisticated tactics, including geo-restricted command and control servers, use of legitimate hosting services, and a new Telegram-based remote access trojan. The campaigns coincide with significant local geopolitical events, increasing the likelihood of successful compromises. Technical analysis reveals similarities with , suggesting a possible connection or shared resources between the groups.

External references