CyberArmor’s report reveals a sophisticated espionage campaign named “Autumn Dragon” targeting Southeast Asian governments and media, possibly linked to Chinese threat actors. The campaign employs a complex malware chain involving DLL sideloading, Telegram C2, and encrypted payloads to gather intelligence covertly. #AutumnDragon #ChinaNexus
Key points
- The “Autumn Dragon” campaign has been active since early 2025, focusing on Southeast Asia’s government and media sectors.
- The attack begins with spearphishing of high-value targets using malicious RAR files exploiting CVE-2025-8088 in WinRAR.
- The malware uses DLL sideloading and Telegram-based C2 communication for command execution and persistence.
- Multiple campaigns use DLL sideloading chains that abuse legitimate applications such as OperaGX, Edge, and Adobe Creative Cloud.
- The backdoor supports remote commands and has likely established long-term access points without observed stage-five payloads.