Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

September 3, 2024 at 09:54AM Head Mare, a hacktivist group active since 2023, targets organizations in Russia and Belarus using advanced methods. Exploiting a recent WinRAR vulnerability, the group conceals and delivers malicious payloads effectively. It employs ransomware like LockBit and Babuk, with tools such as PhantomDL and PhantomCore, and is linked to the Russo-Ukrainian … Read more

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

November 7, 2023 at 04:42AM The Pakistan-linked threat actor called SideCopy has been using a recent WinRAR security vulnerability to target Indian government entities. They are delivering remote access trojans such as AllaKore RAT, Ares RAT, and DRat. This campaign is multi-platform, targeting both Windows and Linux systems. SideCopy is suspected to be a sub-group … Read more

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

October 19, 2023 at 12:33AM State-backed threat actors from Russia and China are exploiting a security flaw in the WinRAR archiver tool for Windows. The vulnerability (CVE-2023-38831) allows attackers to execute code when a user tries to view a benign file in a ZIP archive. The attackers include FROZENBARENTS (Sandworm), FROZENLAKE (APT28), and ISLANDDREAMS (APT40). … Read more

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

October 16, 2023 at 10:03AM Russian hacking groups have been exploiting a security vulnerability in the WinRAR archiving utility to launch a phishing campaign. The attack involves malicious archive files that exploit the vulnerability, allowing the attacker to gain remote access to compromised systems. The campaign also steals data from Google Chrome and Microsoft Edge … Read more