Amaranth‑Dragon Exploits CVE‑2025‑8088 in SE Asian Supply‑Chain Attack

Check Point researchers found that the APT‑41‑affiliated group operating under the name Amaranth‑Dragon weaponized the recently disclosed CVE‑2025‑8088 flaw in a widely used enterprise software platform. By compromising the software’s update mechanism, the threat actors inserted malicious code that was signed and distributed through the vendor’s legitimate supply chain, allowing them to gain a foothold on thousands of downstream systems across Southeast Asia.

The campaign focused on high‑value targets such as government agencies, telecom operators, and critical infrastructure firms, where the implanted backdoors were used for long‑term credential harvesting, data exfiltration, and lateral movement. Defenders must prioritize immediate patching of CVE‑2025‑8088, verify the integrity of software updates, and hunt for indicators of compromise linked to the supply‑chain payload, as the attackers demonstrate a sophisticated ability to blend into normal operations and remain undetected for months.

Categories: Vulnerabilities & Exploits, AI Security & Threats, Threat Intelligence
