The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents.
In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China.
One of these groups includes a Russian military intelligence unit dubbed Sandworm, which is known for destructive cyberattacks, like the NotPetya ransomware attack it launched in 2017 that primarily hit computer systems in Ukraine and disrupted the country’s power grid.
Separately, TAG says it observed another notorious Russia-backed hacking group, tracked as APT28 and commonly known as Fancy Bear, using the WinRAR zero-day to target users in Ukraine under the guise of an email campaign impersonating the Razumkov Centre, a public policy think tank in the country.
Google’s findings follow an earlier discovery by threat intelligence company Cluster25, which said last week that it had also observed Russian hackers exploiting the WinRAR vulnerability as a phishing campaign designed to harvest credentials from compromised systems.
Google added that its researchers found evidence that the China-backed hacking group, known as APT40, which the U.S. government has previously linked to China’s Ministry of State Security, also abused the WinRAR zero-day flaw as part of a phishing campaign targeting users based in Papua New Guinea.
The original article contains 490 words, the summary contains 239 words. Saved 51%. I’m a bot and I’m open source!
This is the best summary I could come up with:
The WinRAR vulnerability, first discovered by cybersecurity company Group-IB earlier this year and tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files that masquerade as seemingly innocuous images or text documents.
In research shared with TechCrunch ahead of its publication, TAG says it has observed multiple campaigns exploiting the WinRAR zero-day bug, which it has tied to state-backed hacking groups with links to Russia and China.
One of these groups includes a Russian military intelligence unit dubbed Sandworm, which is known for destructive cyberattacks, like the NotPetya ransomware attack it launched in 2017 that primarily hit computer systems in Ukraine and disrupted the country’s power grid.
Separately, TAG says it observed another notorious Russia-backed hacking group, tracked as APT28 and commonly known as Fancy Bear, using the WinRAR zero-day to target users in Ukraine under the guise of an email campaign impersonating the Razumkov Centre, a public policy think tank in the country.
Google’s findings follow an earlier discovery by threat intelligence company Cluster25, which said last week that it had also observed Russian hackers exploiting the WinRAR vulnerability as a phishing campaign designed to harvest credentials from compromised systems.
Google added that its researchers found evidence that the China-backed hacking group, known as APT40, which the U.S. government has previously linked to China’s Ministry of State Security, also abused the WinRAR zero-day flaw as part of a phishing campaign targeting users based in Papua New Guinea.
The original article contains 490 words, the summary contains 239 words. Saved 51%. I’m a bot and I’m open source!
I read “dubbed Sandworm” but my brain always displays darude Sandstorm in my mind.