Amaranth‑Dragon exploits fresh CVE‑2025‑8088 to infiltrate SE Asian critical infrastructure

Check Point’s threat‑intel team has identified a new campaign by the Amaranth‑Dragon group that leverages the just‑released CVE‑2025‑8088 vulnerability in widely deployed network appliances. The zero‑day allows remote code execution, which the actors use to install a custom backdoor and move laterally across both government and private‑sector networks in Southeast Asia. Early indicators show the group is targeting VPN concentrators and industrial control system gateways to establish persistent footholds.

The exploitation chain is paired with sophisticated post‑exploitation modules that harvest credentials, disable security logs, and exfiltrate sensitive data. Because the vulnerable products are common in critical‑service environments, the potential impact includes service disruption, espionage, and preparation for ransomware deployment. Defenders should urgently patch affected devices, enforce network segmentation, and monitor for the distinctive C2 patterns reported by Check Point to limit exposure.
