Autumn Dragon: China-nexus APT Group Targets South East Asia

In this report, we describe how we tracked, over several months, a sustained espionage campaign against the government, media, and news sectors in several countries, including Laos, Cambodia, Singapore, the Philippines and Indonesia.

Written by Nguyen Nguyen and Bart Blaze on November 18, 2025

Since early 2025, China’s involvement in the Indo-Pacific has been more prolific, from escalating maritime tensions, to acting as a peace broker in Myanmar’s military junta and, more recently, espionage activities on joint exercises the Philippines naval forces have been conducting together with the US, Australia, Canada and New Zealand.

The attacker, which we believe is a China-nexus threat actor, showcases a love of DLL sideloading techniques in order to compromise their targets of interest. Governments and media are high-value targets because they shape policy, public opinion, and international alignment.

The report details the full attack chain of one particular compromise we discovered, goes into further detail on victimology and other campaigns, and finally lists indicators of compromise.

About the Author

Nguyen Nguyen

Nguyen is a seasoned cybersecurity leader with over 15 years of experience in software engineering, malware research, and cyber threat intelligence.

Bart Blaze (Independent Contributor)

Bart spends his time researching and analyzing malware, performing incident response, as well as threat intelligence, SOC design & assessments, and much more.
