Russian hackers exploit WinRAR vulnerability to attack Ukrainian users
Earlier this year, a bug was found in WinRAR that allowed attackers to hide malware in archive files. According to TechCrunch, Chinese and Russian hackers are taking advantage of this bug.
In August, Rarlab, the developers of WinRAR, released an update to the program that fixed this vulnerability, known as CVE-2023-38831, but many users running outdated versions are still at risk.
One of Google’s departments, the Threat Analysis Group, conducted an investigation that revealed that this bug was used by hackers from the Russian group Sandworm, which is known for its attack on Ukraine’s energy infrastructure in 2017.
According to TAG, the group exploited the WinRAR vulnerability in September of this year in an email campaign that posed as a Ukrainian drone training school. The emails contained a link to an archive file that installed malware to steal users’ confidential information.
Another Russian hacker group, APT28, attacked Ukrainian users under the guise of a mailing list posing as the Razumkov Center.
To avoid becoming one of the victims of such hacker attacks, make sure you have updated WinRAR to version 6.23