Title: Google Researchers Uncover Russian and Chinese Hacking Groups Exploiting WinRAR Vulnerability
Russian and Chinese government-backed hackers have been taking advantage of a vulnerability in WinRAR, an archiving tool for Windows, according to Google security researchers. The flaw, identified as CVE-2023-38831, enables attackers to hide malicious scripts within seemingly harmless archive files.
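The archive layout CVE-2023-38831 abuses, as documented publicly by Group-IB and in the WinRAR fix notes, is a decoy file whose name ends in a space placed beside a folder of the same name that holds a script; opening the decoy in an unpatched WinRAR runs the script. As an added defender's check that is not code from the article, this Python scans a ZIP listing for that pairing; the archive, file names and script extensions are constructed samples, not indicators from the page.

```python
import io
import zipfile

# Extensions a decoy-triggered script is likely to carry (assumed list).
SCRIPT_EXTS = (".cmd", ".bat", ".vbs", ".ps1", ".exe")


def find_38831_pattern(zip_bytes: bytes) -> list:
    """Return (decoy, script) pairs matching the CVE-2023-38831 layout:
    a top-level file whose name ends in a space, plus a directory of the
    same name containing a script whose name begins with the decoy name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = zf.namelist()
        files = {n for n in names if not n.endswith("/")}
        for decoy in files:
            # Only top-level entries with a trailing space are candidates.
            if "/" in decoy or not decoy.endswith(" "):
                continue
            prefix = decoy + "/"
            for entry in names:
                if entry.startswith(prefix) and entry.lower().endswith(SCRIPT_EXTS):
                    findings.append((decoy, entry))
    return findings


def build_sample(decoy: str = "invoice.pdf ") -> bytes:
    """Constructed in-memory archive reproducing the layout with a harmless
    echo script, used only to exercise the scanner offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(decoy, b"%PDF-1.4 decoy")
        zf.writestr(decoy + "/" + decoy + ".cmd", b"echo constructed sample")
    return buf.getvalue()


if __name__ == "__main__":
    for decoy, script in find_38831_pattern(build_sample()):
        print(f"suspicious: {decoy!r} paired with {script!r}")
```

Archives that merely contain a script next to a document do not match; the trailing-space name collision between a file and a folder is the signal.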
Initially discovered by cybersecurity firm Group-IB, the vulnerability was classified as a zero-day, indicating that it had been exploited prior to the developer’s knowledge. While WinRAR has since released a patch to address the flaw, Google’s Threat Analysis Group (TAG) cautions that users who have yet to update their app remain susceptible.
TAG researchers have linked the exploitation of the vulnerability to well-known state-sponsored hacking groups associated with Russia and China, namely Sandworm and APT28 (Fancy Bear). Sandworm was observed exploiting the bug through a malicious email campaign masquerading as a Ukrainian drone warfare training school. On the other hand, APT28 targeted Ukrainian users by impersonating a public policy think tank.
Cluster25, a threat intelligence company, also reported instances of Russian hackers exploiting the WinRAR vulnerability in a phishing campaign. Moreover, Google researchers uncovered evidence of China-backed hacking group APT40 employing the WinRAR flaw to target users in Papua New Guinea.
The ongoing exploitation of the WinRAR bug is a stark reminder that known vulnerabilities remain effective for attackers as long as patching is slow. It underscores the importance of promptly updating software to prevent cyber attacks.
Google’s TAG researchers urge users to stay vigilant and ensure they have updated their WinRAR software to the latest version. By staying informed and practicing good cybersecurity hygiene, individuals can minimize the risk of falling victim to these state-sponsored hacking campaigns.
As governments seek to gain an upper hand in cyberspace, it is crucial for tech companies, cybersecurity firms, and users alike to remain vigilant and strengthen their defenses against such threats.