• Check Point Research has identified several campaigns targeting multiple countries in the Southeast Asian region.
• These related activities have been collectively categorized under the codename “Amaranth-Dragon”.
• The campaigns demonstrate a clear focus on government entities across the region, suggesting a motivated threat actor with a strong interest in geopolitical intelligence.
• The campaigns frequently target law enforcement agencies, particularly the police, and often appear to be timed or themed around ongoing local political events.
• The attacks are performed by the Chinese group we track as Amaranth-Dragon.
• A previously unknown loader we call Amaranth Loader shares similarities with tools such as DodgeBox, Dustpan and Dusttrap, which are associated with the Chinese hacking group known as APT-41 (one of the FBI’s most wanted cybercriminal groups), suggesting a connection or shared resources between the groups.
