A report from CyberArmor details an espionage campaign named "Autumn Dragon," attributed to a China-nexus threat actor and targeting government and media organizations in Southeast Asia since early 2025. The operation employs a four-stage malware chain that relies on DLL sideloading, with Telegram used for command-and-control. The initial access vector is a malicious RAR archive, delivered by spearphishing, that exploits a WinRAR vulnerability (CVE-2025-8088).
The later stages deploy a backdoor that communicates with the C2 servers and supports only a minimal set of commands in order to stay stealthy. The campaign primarily targets Indonesia, Singapore, the Philippines, Cambodia, and Laos, with a focus on the media and government sectors. CyberArmor notes potential links to Chinese cyber-espionage activity, including a possible overlap with APT41.