![]() ![]() ![]() Google researchers also analyzed a file ( IOC_09_11.rar) that was uploaded on VirusTotal in September and that triggers a PowerShell script that steals browser login data and local state directories. ![]() The emails they sent out contained an invitation to join the school and a booby-trapped archive file that, when unpacked with a vulnerable version of WinRAR, would also run the Rhadamanthys infostealer.Īround the same time, Fancy Bear (APT28) – which is also believed to be sponsored by the Russian government – targeted Ukrainians working in the energy sector with a fake event invitation from a public policy think tank in Ukraine. The infamous Sandworm hackers impersonated a Ukrainian drone warfare training school in early September. Google’s analysts have flagged several campaigns using CVE-2023-38831 and have shared IoCs related to all of those attacks. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” Google TAG analysts have noted.Ī proof of concept for generating ZIP archives capable of triggering CVE-2023-38831 is available online. A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows.ĬVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477).Įxploited as a zero-day by cybercriminals since April 2023, the vulnerability is now also being used by state-sponsored hacking groups. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |