Government-backed actors exploiting WinRAR vulnerability

[nicolaasjan]

Content source

https://blog.google/threat-analysis-group/government-backed-actors-exploiting-winrar-vulnerability/

In recent weeks, Google’s Threat Analysis Group’s (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still seem to be vulnerable. TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.
To ensure protection, we urge organizations and users to keep software fully up-to-date and to install security updates as soon as they become available. After a vulnerability has been patched, malicious actors will continue to rely on n-days and use slow patching rates to their advantage. We also recommend use of Google’s Safe Browsing and Gmail, which block files containing the exploit.

 

[rooney49]

Interesting. Was having 6.23 version of Winrar which luckily has the patch. Still downloaded and installed the latest one v6.24. Thanks Nicolaasjan.

https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/

Looks like traders were also targeted using this vulnerability.