Amaranth‑Dragon Exploits New CVE‑2025‑8088 to Penetrate SE Asian Networks
Check Point's threat intel team has identified the state-sponsored group Amaranth-Dragon actively weaponizing the freshly disclosed CVE-2025-8088 flaw in widely deployed server software. The actors first exploit the remote code execution bug to gain initial access, then extend the intrusion with credential-dumping utilities such as LaZagne and SecretsDump to harvest domain admin hashes. This hybrid chain has been observed across multiple organizations in Southeast Asia, allowing the group to establish persistent footholds and move laterally into high-value systems.
The exploitation of CVE-2025-8088 represents a direct threat to any environment still running vulnerable versions of the affected product. Defenders must prioritize applying the disclosed fix, enforce strict network segmentation, and deploy detection rules for the characteristic PowerShell and credential-dumping behaviors linked to Amaranth-Dragon's toolkit. Continuous monitoring for unusual authentication patterns and rapid credential rotation are essential to limit the group's ability to conduct long-term espionage.
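As an added illustration of the detection guidance above (not code from Check Point or the original article), the following script flags process-creation events that name the credential-dumping tools cited in the report or launch PowerShell with hidden/encoded options, and surfaces accounts that authenticate to many distinct hosts, a crude lateral-movement signal. The log format, host and account names are constructed for the example; the regexes are illustrative and would need tuning against real telemetry.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events (not from the article) in a
# simplified "timestamp|host|user|image|command_line" format.
SAMPLE_PROCESS_EVENTS = [
    "2025-08-12T09:01:10|srv-01|CORP\\svc_web|C:\\Windows\\System32\\cmd.exe|cmd.exe /c whoami",
    "2025-08-12T09:02:33|srv-01|CORP\\svc_web|C:\\Python39\\python.exe|python.exe secretsdump.py corp/admin@dc01 -just-dc",
    "2025-08-12T09:03:05|srv-01|CORP\\svc_web|C:\\Temp\\lazagne.exe|lazagne.exe all",
    "2025-08-12T09:04:40|srv-01|CORP\\svc_web|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell.exe -nop -w hidden -enc QUJD",
    "2025-08-12T09:05:00|ws-07|CORP\\alice|C:\\Windows\\System32\\notepad.exe|notepad.exe notes.txt",
]

# Tool names drawn from the report; patterns are illustrative, not exhaustive.
CREDENTIAL_DUMP_PATTERNS = [re.compile(r"secretsdump", re.I), re.compile(r"lazagne", re.I)]
# Hidden-window, no-profile or encoded-command PowerShell launches are worth a closer look.
SUSPICIOUS_POWERSHELL = re.compile(r"powershell(\.exe)?.*(-enc|-encodedcommand|-w\s+hidden|-nop)", re.I)

def classify_process_event(line):
    """Return the list of detection labels that apply to one process-creation line."""
    _ts, _host, _user, image, cmdline = line.split("|", 4)
    labels = []
    if any(p.search(cmdline) or p.search(image) for p in CREDENTIAL_DUMP_PATTERNS):
        labels.append("credential_dumping_tool")
    if SUSPICIOUS_POWERSHELL.search(cmdline):
        labels.append("suspicious_powershell")
    return labels

def scan_process_events(lines):
    """Yield (host, user, label) triples for every flagged event."""
    return [(l.split("|")[1], l.split("|")[2], lbl) for l in lines for lbl in classify_process_event(l)]

# Constructed sample logon events: "timestamp|user|target_host".
SAMPLE_LOGON_EVENTS = [
    "2025-08-12T09:10:00|CORP\\svc_web|srv-02",
    "2025-08-12T09:10:05|CORP\\svc_web|srv-03",
    "2025-08-12T09:10:09|CORP\\svc_web|srv-04",
    "2025-08-12T09:10:15|CORP\\svc_web|srv-05",
    "2025-08-12T09:11:00|CORP\\alice|ws-07",
]

def accounts_fanning_out(lines, threshold=3):
    """Accounts seen logging on to at least `threshold` distinct hosts (hypothetical threshold)."""
    hosts_by_user = defaultdict(set)
    for line in lines:
        _ts, user, host = line.split("|", 2)
        hosts_by_user[user].add(host)
    return sorted(u for u, hosts in hosts_by_user.items() if len(hosts) >= threshold)

if __name__ == "__main__":
    for hit in scan_process_events(SAMPLE_PROCESS_EVENTS):
        print("process alert:", hit)
    print("fan-out accounts:", accounts_fanning_out(SAMPLE_LOGON_EVENTS))
```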
Categories: Malware & Ransomware, Vulnerabilities & Exploits, Identity & Access Management (IAM)