Amaranth-Dragon Leverages CVE-2025-8088 to Target SE Asian Critical Infrastructure

Check Point’s threat-intel team uncovered a new operation by the Amaranth-Dragon group, an offshoot of APT-41, that weaponized the freshly disclosed CVE-2025-8088. The actors compromised software vendors in the region’s supply chain, inserting a malicious payload that exploits the vulnerability during the update process. Once the tainted update reaches downstream customers, the exploit provides a stealthy foothold for further intrusion.

The campaign has focused on high-value sectors such as telecommunications, finance, and government, harvesting credentials and establishing persistent backdoors for long-term intelligence collection. Defenders must prioritize patching CVE-2025-8088, verify the integrity of third-party updates, and enforce strict credential hygiene and network segmentation to limit the attacker’s lateral movement.

Categories: Vulnerabilities & Exploits, Data Breaches, AI Security & Threats
