Gamaredon, an FSB-attributed Russian APT group, is actively exploiting CVE-2025-8088, a path traversal vulnerability in WinRAR, to deliver a four-stage modular malware chain against Ukrainian government, military, and critical infrastructure targets. Organizations outside Ukraine with supply chain relationships to Ukrainian defense or government entities, or any enterprise running unpatched WinRAR, carry meaningful exposure to this campaign. The attack chain includes lateral movement via removable media propagation and data exfiltration to AWS S3, making it difficult to detect at the network perimeter.

Author

Tech Jacks Solutions