Intrusions exploiting the WinRAR path traversal flaw, tracked as CVE-2025-8088, have been launched by newly emergent threat operation Amaranth Dragon, which is associated with Chinese state-backed hacking group APT41, against Southeast Asian government and law enforcement agencies since August, BleepingComputer reports.Amaranth Dragon used the WinRAR exploit to inject an illicit script in the Startup folder and create a Registry Run key, which facilitated the subsequent launch of the Amaranth Loader that decrypted the Havoc C2 post-exploitation framework, findings from a Check Point Research analysis showed. Newer Amaranth Dragon attacks involved the TGAmaranth remote access tool, which enables file uploading and downloading, as well as screenshot capturing and process enumeration, while ensuring stealth via several endpoint detection and response and antivirus system protections, according to researchers, who regarded Amaranth Dragon as a technically sophisticated threat actor.Such findings come after APT44, Turla, and other hacking groups were reported by Google Threat Intelligence researchers to have been using CVE-2025-8088 in ongoing attacks.
Vulnerability Management, Patch/Configuration Management, Threat Intelligence
WinRAR vulnerability weaponized in China-linked cyberespionage

Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



