State-sponsored hackers from Russia and China have exploited an already-patched vulnerability in the widely used WinRAR archiving utility for Windows, raising concerns among cybersecurity specialists. The flaw, tracked as CVE-2023-38831, allows attackers to hide malicious scripts inside archive files that appear to contain only innocuous images or text files. Cybersecurity company Group-IB reported that at least 130 traders had their devices compromised through this exploit. These attacks have also caused substantial financial losses and data breaches for the affected organizations. Experts advise businesses and individuals to stay vigilant and keep their software up to date to mitigate the risk posed by state-sponsored cyberattacks.
Rarlab, the company behind WinRAR, released an updated version (6.23) on August 2 to fix this vulnerability. However, Google’s Threat Analysis Group (TAG) found that several state-sponsored hacking groups continued to exploit the flaw, targeting users who had not yet updated their software. This finding underlines how important regular software updates are for defending against cyber threats. Users are therefore strongly urged to update WinRAR to version 6.23 or later to protect their systems from these targeted attacks.
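The article only says that the exploit hides scripts in archives that look like they hold harmless images or text. The publicly documented CVE-2023-38831 pattern is an archive that contains a decoy file (for example an image) together with a directory of the same name, distinguished only by a trailing space, holding a script that WinRAR runs when the decoy is opened. A defender can triage ZIP attachments for that structure before they reach an unpatched WinRAR. The following detector is an added example written for this article, not Group-IB's or Rarlab's code; it uses only the Python standard library, so it handles ZIP archives (the ones used in the reported campaigns) and not RAR, and the sample archive it builds is a constructed fixture with a harmless echo line standing in for the script.

```python
import io
import zipfile

# File types Windows will execute rather than open as data when ShellExecute
# resolves the extracted name (list is an assumption; extend to local policy).
EXECUTABLE_SUFFIXES = (".cmd", ".bat", ".exe", ".com", ".ps1", ".vbs", ".js", ".wsf", ".scr", ".lnk")


def find_cve_2023_38831_candidates(zip_bytes):
    """Return (decoy_file, script_entry) pairs for every top-level file that has a
    same-named directory (ignoring trailing spaces) containing an executable entry.
    An empty list means the archive does not show the CVE-2023-38831 layout."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()

    # Top-level entries without a slash are the candidate decoy files.
    top_level_files = {name for name in names if "/" not in name}
    findings = []
    for name in names:
        if "/" not in name:
            continue
        folder, _, leaf = name.partition("/")
        # The trailing space is what makes "image.jpg " collide with "image.jpg".
        if folder.rstrip() not in top_level_files:
            continue
        if leaf.lower().rstrip().endswith(EXECUTABLE_SUFFIXES):
            findings.append((folder.rstrip(), name))
    return findings


def build_sample_archive(malicious):
    """Construct an in-memory ZIP for testing: a decoy image, plus (if malicious)
    a same-named directory with a trailing space that holds a .cmd entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Constructed decoy: a few bytes that look like a JPEG header.
        zf.writestr("Screenshot.jpg", b"\xff\xd8\xff\xe0 constructed decoy image")
        if malicious:
            # Constructed stand-in for the script; it only echoes a line.
            zf.writestr("Screenshot.jpg /Screenshot.jpg .cmd", "@echo constructed sample\r\n")
        else:
            # A normal sub-directory with a different name is not flagged.
            zf.writestr("notes/readme.txt", "benign text file\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, archive in (("malicious", build_sample_archive(True)),
                           ("benign", build_sample_archive(False))):
        hits = find_cve_2023_38831_candidates(archive)
        print(f"{label}: {hits if hits else 'no CVE-2023-38831 layout found'}")
```

The check is a structural heuristic, not a signature: it fires on the name collision that the exploit depends on, so it stays useful regardless of which script language or payload the attacker chooses, and a benign archive with ordinary sub-directories passes cleanly. Pair it with the version check (WinRAR 6.23 or later) rather than relying on it alone.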
Links to Russian and Chinese hacking organizations
TAG’s investigation linked the exploitation to hacking groups associated with Russia and China, including the notorious Russian military intelligence unit Sandworm, which took part in the 2017 NotPetya ransomware attack. These groups are known for highly sophisticated cyber operations and pose a significant threat to global security. Governments and private cybersecurity firms have been working diligently to counter their malicious activity and protect sensitive data from compromise.
Additionally, the Russian-backed hacking group APT28, also known as Fancy Bear, was observed exploiting the WinRAR vulnerability. It targeted users in Ukraine through a separate email campaign that impersonated the Razumkov Centre, a public policy research institute in the country. The campaign distributed emails carrying a malicious version of the institute’s report on the presidential election, allowing the attackers to infiltrate users’ systems. As a result, unsuspecting victims unknowingly exposed their sensitive information and networks to the attackers, opening the door to data breaches and system disruption.