Amaranth-Dragon Leverages CVE‑2025‑8088 to Target Southeast Asian Networks

Check Point researchers have linked the state‑aligned threat group Amaranth‑Dragon to active exploitation of the newly disclosed CVE‑2025‑8088 flaw. The actors deployed a bespoke malware loader that chains the vulnerability to gain initial code execution on vulnerable enterprise servers, then installs a stealthy back‑door. Traffic generated by the implant is deliberately crafted to blend with normal business protocols, allowing the group to maintain long‑term, low‑visibility access to organizations in the telecom, finance, and government sectors across Southeast Asia.

The compromise enables extensive data collection, credential harvesting, and lateral movement, creating a persistent espionage foothold that can be used for future operations or supply‑chain attacks. Defenders must prioritize immediate patching of CVE‑2025‑8088, deploy detection signatures for the custom loader, and enhance network monitoring for anomalous protocol usage. Early identification and containment are critical to prevent prolonged exposure and protect sensitive regional assets.

Categories: Malware & Ransomware, Vulnerabilities & Exploits, Compliance & Regulation
