
Amaranth-Dragon Exploits CVE-2025-8088 to Target SE Asian Critical Infrastructure

Check Point Research has identified the APT group Amaranth-Dragon actively weaponizing the newly disclosed CVE-2025-8088 flaw. The actors are leveraging sophisticated multi-stage payloads (initial spear-phishing lures, custom-crafted exploits, and fileless loaders) to gain footholds in ministries, energy utilities, and related supply-chain networks across Southeast Asia. Once inside, they install long-lived backdoors that provide persistent access for data exfiltration and potential sabotage.

The exploitation of CVE-2025-8088 expands the attack surface of critical infrastructure, exposing sensitive policy data and operational control systems to espionage and disruption. Defenders should prioritize patching the vulnerability across all affected assets, implement strict email and web filtering to block known delivery vectors, and deploy endpoint detection that can spot the fileless behaviors associated with this campaign. Continuous monitoring for the group's indicators of compromise (IOCs) will be essential to detect and isolate any compromise before it can be leveraged for destructive actions.

Categories: Vulnerabilities & Exploits, Identity & Access Management (IAM), Compliance & Regulation
