Amaranth‑Dragon Weaponizes CVE‑2025‑8088 in Southeast Asian Espionage Surge
Check Point researchers have traced a new wave of activity to the Amaranth‑Dragon threat group, a known offshoot of APT‑41. The actors are exploiting the freshly disclosed CVE‑2025‑8088 flaw in a widely deployed enterprise software suite to gain initial footholds across government agencies and private‑sector firms in Southeast Asia. Their tooling shows a high degree of customization, including stealthy payload delivery and encrypted C2 channels, indicating a mature, resource‑rich operation.
The campaign has already resulted in the exfiltration of sensitive policy documents, intellectual property, and network credentials, raising the risk of further lateral moves and long‑term espionage. Defenders must prioritize immediate patching of CVE‑2025‑8088, enforce strict network segmentation, and deploy anomaly‑based detection to spot the group’s distinctive beacon patterns. Failure to act quickly could expose critical infrastructure and strategic assets to ongoing intelligence harvesting.
Categories: Vulnerabilities & Exploits, Threat Intelligence, AI Security & Threats