Russian hackers use Ngrok feature and WinRAR exploit to attack embassies

November 20, 2023 at 09:42AM APT29, a state-sponsored Russian hacker group, is exploiting the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. The group is using a BMW car sale lure to target embassy entities. The vulnerability allows for execution of malicious code through crafted .RAR and .ZIP archives. APT29 has been using a Ngrok static domain … Read more

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

November 16, 2023 at 09:00AM A hacking group known as DarkCasino, initially discovered in 2021, has now been categorized as an advanced persistent threat (APT). They have exploited a recently disclosed security flaw in WinRAR software as a zero-day. DarkCasino’s attacks are frequent and they demonstrate a strong desire to steal online property. Multiple threat … Read more

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

October 19, 2023 at 12:33AM State-backed threat actors from Russia and China are exploiting a security flaw in the WinRAR archiver tool for Windows. The vulnerability (CVE-2023-38831) allows attackers to execute code when a user tries to view a benign file in a ZIP archive. The attackers include FROZENBARENTS (Sandworm), FROZENLAKE (APT28), and ISLANDDREAMS (APT40). … Read more

Three Months After Patch, Gov-Backed Actors Exploiting WinRAR Flaw

October 18, 2023 at 01:48PM Google’s Threat Analysis Group has found that government-backed hacking groups from Russia and China are still using a security flaw in the WinRAR file archiving utility, despite patches being released three months ago. The vulnerability, which allows attackers to execute code, has been known since at least April and is … Read more

Google links WinRAR exploitation to Russian, Chinese state hackers

October 18, 2023 at 12:49PM Google’s Threat Analysis Group has identified state-backed hacking groups, including Sandworm, APT28, and APT40, exploiting a vulnerability in WinRAR, a popular compression software. The bug allows attackers to execute arbitrary code on users’ systems. Despite a patch being available, many users remain vulnerable. The bug has been exploited since April, … Read more

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

October 16, 2023 at 10:03AM Russian hacking groups have been exploiting a security vulnerability in the WinRAR archiving utility to launch a phishing campaign. The attack involves malicious archive files that exploit the vulnerability, allowing the attacker to gain remote access to compromised systems. The campaign also steals data from Google Chrome and Microsoft Edge … Read more