Amaranth-Dragon: Targeted Cyber Espionage Campaigns Across Southeast Asia
Check Point, Wednesday, February 4th, 2026
Throughout 2025, Check Point Research observed a series of cyber espionage campaigns quietly unfolding across Southeast Asia. Unlike opportunistic cybercrime, these operations were narrowly focused on government institutions and law enforcement agencies, suggesting a clear objective: long-term geopolitical intelligence collection.
Check Point Research uncovered highly targeted cyber espionage campaigns aimed at government and law enforcement agencies across the ASEAN region throughout 2025.
The activity is attributed to Amaranth-Dragon, a previously untracked threat actor assessed to be closely linked to the China-affiliated APT 41 ecosystem.
The group weaponized newly disclosed vulnerabilities within days, including a critical WinRAR flaw, and paired them with lures tied to real-world political and security events.
These operations demonstrate state-level discipline and precision, using country-restricted infrastructure, trusted cloud services, and stealthy tooling to quietly collect intelligence.