China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

Security Affairs
Actively Exploited

Overview

In 2025, a group of hackers believed to be linked to China, known as Amaranth-Dragon, launched cyber-espionage campaigns targeting various government and law enforcement agencies in Southeast Asia. Countries affected include Thailand, Indonesia, and Singapore. This activity is associated with the APT41 ecosystem, which has a history of conducting similar operations. The implications of these attacks are significant, as they threaten national security and the integrity of sensitive governmental data. Researchers emphasize the need for enhanced cybersecurity measures among the affected nations to protect against ongoing and future threats.

Key Takeaways

  • Active Campaign: This espionage activity is ongoing and attributed to a China-linked actor. Immediate defensive action is recommended.
  • Affected Systems: Government and law enforcement agencies in Thailand, Indonesia, Singapore, and other Southeast Asian countries.
  • Action Required: Enhanced cybersecurity measures for government and law enforcement agencies are recommended.
  • Timeline: Ongoing since 2025

Original Article Summary

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. Check Point says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and […]

Impact

Government and law enforcement agencies in Thailand, Indonesia, Singapore, and other Southeast Asian countries.

Exploitation Status

This campaign is confirmed to be active against real-world targets. Affected organizations should prioritize hardening exposed systems and implementing defensive workarounds immediately.

Timeline

Ongoing since 2025

Remediation

Enhanced cybersecurity measures for government and law enforcement agencies are recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Check Point.

Related Coverage

Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says

SecurityWeek

Italy's government has successfully thwarted a series of cyberattacks linked to Russian sources, aimed at its foreign ministry offices, including one located in Washington, D.C. These attacks were reportedly targeting websites associated with the upcoming Winter Olympics. The Italian Foreign Minister announced the prevention of these incidents, emphasizing the ongoing risks posed by cyber threats in international contexts. This situation underlines the vulnerabilities that governments face, particularly during significant global events like the Olympics. The foiled attacks serve as a reminder of the persistent cyber warfare tactics employed by nation-states.

Feb 5, 2026

Cyberspy Group Hacked Governments and Critical Infrastructure in 37 Countries

SecurityWeek

A recent report from Palo Alto Networks reveals that a cyberspy group has successfully targeted governments and critical infrastructure across 37 countries. While the specific origin of these attacks hasn't been confirmed, there are strong indications pointing to China as the likely source. The affected entities include various government agencies and critical infrastructure sectors, which raises significant concerns about national security and the potential for disruption in essential services. The scale of the operation suggests a sophisticated level of planning and execution, highlighting the ongoing risks that nation-states pose in the cyber realm. This incident serves as a reminder for organizations worldwide to bolster their cybersecurity defenses and remain vigilant against such threats.

Feb 5, 2026

Why boards should be obsessed with their most ‘boring’ systems

CyberScoop

Recent cyberattacks have prompted boards of directors to take a closer look at enterprise resource planning (ERP) systems, which are often overlooked but can be vulnerable to significant security threats. A notable example is the cyberattack on Jaguar Land Rover (JLR) in September 2025, which showcased the severe repercussions of such incidents. This attack not only disrupted operations but also highlighted the risks that come with failing to adequately secure these 'boring' systems. As organizations reassess their cybersecurity strategies, it's clear that even the most mundane systems can have catastrophic impacts if left unprotected. Companies are encouraged to prioritize the security of their ERP systems to prevent similar incidents in the future.

Feb 5, 2026

Police shut down global DDoS operation, arrest 20-year-old

Help Net Security

Poland's Central Bureau for Combating Cybercrime has arrested a 20-year-old man believed to be behind a series of global DDoS attacks that targeted important websites. The suspect faces six charges, including disrupting IT systems and using specialized software to execute cyberattacks. He has reportedly confessed to many of the allegations against him. If found guilty, he could face up to five years in prison. This operation underscores the ongoing challenges of combating cybercrime, particularly as such attacks can significantly disrupt online services and affect many organizations worldwide.

Feb 5, 2026

AI-Enabled Voice and Virtual Meeting Fraud Surges 1000%+

Infosecurity Magazine

Pindrop has reported a staggering 1210% increase in AI-powered fraud incidents over the past year, particularly affecting voice and virtual meeting platforms. This surge indicates that attackers are increasingly utilizing artificial intelligence to create convincing scams, making it harder for users to detect fraudulent activities. The rise in such sophisticated tactics poses significant risks to individuals and businesses alike, as it can lead to financial loss and data breaches. Companies are urged to enhance their security measures and educate employees about these evolving threats to better protect against AI-driven scams. The alarming growth in this type of fraud emphasizes the need for vigilance in both personal and professional communications.

Feb 5, 2026

Protests Don't Impede Iranian Spying on Expats, Syrians, Israelis

darkreading

Iranian hackers are reportedly targeting individuals of interest across the Middle East, including expatriates, Syrians, and Israelis, by stealing their credentials through spear-phishing and social engineering tactics. Despite ongoing protests in Iran, these cyber espionage activities continue unabated. The attackers are using deceptive emails and messages to trick victims into revealing sensitive information. This incident raises concerns about the security of personal data and the potential for increased surveillance and harassment of targeted individuals. As these tactics evolve, it becomes crucial for users to remain vigilant against such phishing attempts.

Feb 5, 2026