FlyingYeti APT Serves Up Cookbox Malware Using WinRAR

May 31, 2024 at 11:15AM
A month-long phishing campaign by the Russia-aligned threat actor group FlyingYeti used a WinRAR vulnerability to deliver the Cookbox malware to Ukrainian citizens. The attack aimed to exploit financial distress following the lifting of a government moratorium on evictions and utility disconnections. Cloudforce One recommended security measures to mitigate potential …

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

December 22, 2023 at 03:42AM
UAC-0099, a threat actor, is targeting Ukrainian employees at foreign companies with malware attacks, leveraging a WinRAR vulnerability to deliver the LONEPAGE strain. The attacks use various file attachments and exploit methods, including phishing messages, to deploy the malware. Deep Instinct's analysis reveals the tactics employed and warns of a …

Fancy Bear goes phishing in US, European high-value networks

December 5, 2023 at 07:22PM
Fancy Bear, a Russian cyber-spy group, has been targeting US and European agencies using patched Outlook and WinRAR flaws for phishing campaigns. Microsoft and Polish Cyber Command observed unauthorized access to high-value email accounts. Over 10,000 emails were used to exploit the vulnerabilities. Proofpoint expects continued exploitation of unpatched systems …

Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks

November 18, 2023 at 02:24AM
Russian cyber espionage actors affiliated with the Federal Security Service (FSB) are using a USB worm called LitterDrifter in attacks on Ukrainian entities. The worm spreads malware via USB drives and communicates with the threat actor's command-and-control servers. The cybersecurity firm Check Point has observed signs of possible infection outside …

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

November 7, 2023 at 04:42AM
The Pakistan-linked threat actor called SideCopy has been using a recent WinRAR security vulnerability to target Indian government entities. They are delivering remote access trojans such as AllaKore RAT, Ares RAT, and DRat. This campaign is multi-platform, targeting both Windows and Linux systems. SideCopy is suspected to be a sub-group …

Patch Now: APTs Continue to Pummel WinRAR Bug

October 19, 2023 at 11:05AM
State-sponsored threat actors from Russia and China are exploiting the WinRAR vulnerability in unpatched systems to deliver malware. Google TAG has observed attacks targeting organizations in Ukraine and Papua New Guinea. The flaw is a known vulnerability in WinRAR, but many systems remain vulnerable. Patching remains a global challenge for …

Google links WinRAR exploitation to multiple state hacking groups

October 18, 2023 at 11:16AM
State-backed hacking groups, including Sandworm, APT28, and APT40, are exploiting a vulnerability in WinRAR to execute arbitrary code on targeted systems. The bug, known as CVE-2023-38831, has been exploited since April 2023, enabling threat actors to deliver various malware payloads. Despite a patch being available, many users remain vulnerable. Google …