CN

Amaranth-DragonAmaranth-Dragon

Also known as: Amaranth-Dragon

Origin
CN
Known aliases
1

Profile

Amaranth-Dragon is a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem, exhibiting similar tooling and operational patterns. The group demonstrated technical maturity by rapidly operationalizing CVE-2025-8088, a vulnerability in WinRAR, shortly after its public disclosure. Check Point Research has identified multiple campaigns targeting Cambodia, Thailand, Laos, Indonesia, Singapore, and the Philippines, with operations typically focused on one or two countries at a time. The overlaps in technical and operational indicators strongly suggest that Amaranth-Dragon is either affiliated with or part of the broader APT-41 ecosystem.

Aliases· 1

Amaranth-Dragon

References

  1. https://blog.checkpoint.com/research/amaranth-dragon-targeted-cyber-espionage-campaigns-across-southeast-asia/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Camaro Dragon
Actor
APT41
Actor
APT32
Actor
APT21
Actor
DarkCasino
Actor
APT15
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.