Amaranth‑Dragon weaponizes CVE‑2025‑8088 against SE Asia critical infrastructure

Check Point’s threat‑intelligence team has linked the state‑aligned group Amaranth‑Dragon to active exploitation of the newly disclosed CVE‑2025‑8088. The actors deployed a custom exploit chain that leverages the vulnerability to gain an initial foothold on targeted networks, then installed bespoke persistence modules and anti‑forensic tools to remain hidden. Their campaign focuses on government ministries, energy providers, and telecom operators across Southeast Asia, reusing the same code base and command‑and‑control infrastructure observed in the group’s previous espionage operations.

The breach gives adversaries the ability to execute arbitrary code, exfiltrate sensitive data, and potentially disrupt critical services. Defenders must prioritize patching CVE‑2025‑8088 across all vulnerable assets, implement strict network segmentation, and deploy detection signatures for the group’s unique payloads and C2 patterns. Early identification of the custom tools and associated indicators of compromise (IOCs) is essential to prevent long‑term compromise and protect regional infrastructure from further espionage or sabotage.

Categories: Vulnerabilities & Exploits, Malware & Ransomware, Threat Intelligence