Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM

Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, and various malware payloads have been delivered using it. The widespread exploitation emphasizes the need for patching and user awareness.

Key Takeaways from Meeting Notes:
– State-backed hacking groups have been exploiting a high-severity vulnerability in WinRAR, a popular compression software used by over 500 million users.
– The threat groups involved in these attacks include Sandworm, APT28, and APT40 from Russia and China.
– The vulnerability, known as CVE-2023-38831, has been exploited since at least April 2023 and allows attackers to gain arbitrary code execution on targeted systems.
– Multiple government-backed actors from different countries have been observed exploiting the WinRAR vulnerability.
– The attacks have targeted a range of victims, including Ukrainian users, cryptocurrency and stock trading forums, and targets in Papua New Guinea.
– The zero-day vulnerability was fixed with the release of WinRAR version 6.23 on August 2, along with other security flaws.
– The attacks highlight the importance of patching software and the ongoing need to make it easier for users to keep their software up-to-date and secure.