Amaranth‑Dragon weaponizes CVE‑2025‑8088 against SE Asia enterprises
Check Point researchers have confirmed that the state‑aligned threat group Amaranth‑Dragon has added the newly disclosed CVE‑2025‑8088 remote code execution flaw to its espionage arsenal. The group now deploys a multi‑stage payload: it first exploits the vulnerability to gain initial code execution on vulnerable servers, then installs a custom backdoor and launches credential‑stealing modules. Early activity shows a focus on high‑value targets in Southeast Asia, including government agencies, telecom operators, and critical infrastructure providers.
The exploitation chain gives the adversary persistent, low‑noise access, enabling data exfiltration and lateral movement across internal networks. Defenders should prioritize patching the affected software, enforce strict outbound traffic monitoring, and update detection signatures to flag the new payload stages. Failure to remediate quickly could result in prolonged espionage campaigns and compromise of sensitive regional assets.
Categories: Vulnerabilities & Exploits, Malware & Ransomware, Threat Intelligence