According to TechRadar , security concerns about the popular file compression software WinRAR were first raised in early 2022, when hackers exploited vulnerabilities in the software to attack end users.
Now, the situation is repeating itself as there are new reports that a hacker nicknamed APT29, also known as Cosy Bear/NOBELIUM, is exploiting the WinRAR vulnerability to attack government agencies.
Vulnerability in WinRAR is being exploited for email attacks
As reported by Bleeping Computer , the National Defense and Security Council of Ukraine (NDSC) claims it has observed APT29 targeting government agencies with phishing emails using the vulnerability identified as CVE-2023-38831.
CVE-2023-38831 is a vulnerability in the WinRAR file compression program, discovered in April this year. It allows hackers to create .RAR and .ZIP archives that can execute malicious code in the background, while the victim is paying attention to the shared contents inside the archive. The malware deployed by APT29 is capable of stealing information, obtaining passwords saved in the browser, confidential documents, system information, etc.
APT29 is reportedly targeting government organizations in Azerbaijan, Greece, Romania, and Italy. Victims will receive a fake email offering a BMW for sale, and while they are focused on viewing images of the car, malware will be silently installed.
The vulnerability CVE-2023-38831 affects WinRAR software versions older than 6.23. RAR Labs released a patch a few months ago, recommending that all users install this version.
Source link
Comment (0)