Security researchers at Google have identified ongoing exploitation of a vulnerability in the widely used WinRAR archiver by hackers affiliated with the Russian and Chinese governments. The flaw, tracked as CVE-2023-38831 and originally discovered by cybersecurity firm Group-IB, lets an attacker hide a malicious script inside a ZIP archive behind what looks like a harmless image or text document: the archive holds a decoy file and a folder with the same name, and when the victim opens the decoy in WinRAR, the script stored in that folder runs instead. Exploited as a zero-day since April 2023, it was used by attackers who compromised the computers of at least 130 traders.
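The layout described above (a decoy file sitting next to a folder of the same name, the in-the-wild variant carrying a trailing space, with a script inside the folder) is something a responder can look for in mail attachments or quarantined downloads without depending on the WinRAR version installed on the endpoint. The scanner below is an added example for this article, not code from Google TAG, Group-IB or RARLAB; the archive it inspects is constructed inline, and the list of script extensions it treats as payloads is an assumption for illustration rather than an official indicator set.

```python
"""Scan a ZIP archive for the file/folder name collision used in CVE-2023-38831 exploits."""
import io
import os
import zipfile
from typing import Dict, List

# Extensions treated as executable payloads on Windows. Assumption for this
# example, not an official indicator list.
SCRIPT_EXTS = {".cmd", ".bat", ".vbs", ".js", ".ps1", ".exe", ".scr",
               ".hta", ".wsf", ".com", ".pif", ".lnk"}


def _split(path: str):
    """Return (parent, basename) for a forward-slash ZIP path."""
    parent, _, base = path.rpartition("/")
    return parent, base


def _implied_dirs(entries: List[str]) -> List[str]:
    """Collect every directory named explicitly ('dir/') or implied by a file path."""
    dirs = set()
    for entry in entries:
        parts = entry.split("/")
        if not entry.endswith("/"):
            parts = parts[:-1]            # for a file, only its ancestors are directories
        parts = [p for p in parts if p]   # drop the empty piece after a trailing '/'
        for i in range(1, len(parts) + 1):
            dirs.add("/".join(parts[:i]))
    return sorted(dirs)


def find_name_collisions(zip_bytes: bytes) -> List[Dict[str, object]]:
    """Report files that share a name (ignoring trailing spaces) with a sibling folder.

    Each finding records the decoy file, the colliding folder, whether a trailing
    space is involved (the variant seen in the wild) and any script-like payloads
    inside that folder. A collision with no payload is still reported: a ZIP that
    needs one is already malformed and worth a look.
    """
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        entries = [info.filename for info in zf.infolist()]
    files = [e for e in entries if not e.endswith("/")]
    dirs = _implied_dirs(entries)

    findings = []
    for decoy in files:
        parent, base = _split(decoy)
        key = base.rstrip(" ")
        if not key:
            continue
        for folder in dirs:
            fparent, fbase = _split(folder)
            if fparent != parent or fbase.rstrip(" ") != key:
                continue
            prefix = folder + "/"
            payloads = [
                p for p in files
                if p.startswith(prefix)
                and os.path.splitext(p.rstrip(" "))[1].lower() in SCRIPT_EXTS
            ]
            findings.append({
                "decoy": decoy,
                "folder": folder,
                "trailing_space": base.endswith(" ") or fbase.endswith(" "),
                "payloads": payloads,
            })
    return findings


def build_archive(entries: Dict[str, bytes]) -> bytes:
    """Build an in-memory ZIP from {name: content}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample mirroring the exploit layout: decoy and folder share a name
# ending in a space, and the folder holds a .cmd. All content is inert text.
SAMPLE_ENTRIES = {
    "Screenshot_05-04-2023.jpg ": b"not a real image",
    "Screenshot_05-04-2023.jpg /Screenshot_05-04-2023.jpg .cmd":
        b"@echo off\r\necho constructed sample, does nothing harmful\r\n",
    "README.txt": b"harmless",
    "docs/notes.txt": b"harmless as well",
}


def scan_sample() -> List[Dict[str, object]]:
    """Run the scanner over the constructed sample archive."""
    return find_name_collisions(build_archive(SAMPLE_ENTRIES))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_archive(SAMPLE_ENTRIES)
    for f in find_name_collisions(data):
        print(f"SUSPICIOUS: {f['decoy']!r} collides with folder {f['folder']!r}; "
              f"trailing space={f['trailing_space']}; payloads={f['payloads']}")
```

Run it with a path to a ZIP to scan that file, or with no arguments to scan the built-in sample. The comparison strips trailing spaces on both sides on purpose: the published exploit relies on the trailing space, but a file and folder with an identical name is never a legitimate archive layout, so the check flags that case too rather than keying on one cosmetic detail an attacker can vary.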
Delayed Updates Pose Risks
Although Rarlab, the developer of WinRAR, released WinRAR 6.23 on August 2 to fix the vulnerability, Google's Threat Analysis Group (TAG) reports that hackers associated with the Russian and Chinese governments continue to exploit it. WinRAR does not update itself, so the fix only reaches machines where someone installs the new version by hand; many users have yet to do so, leaving their PCs exposed to these attacks.
Targeted Cyberattacks Persist
The attacks exploiting this vulnerability are attributed to several groups, including Sandworm, APT28 (Fancy Bear) and APT40. These groups are known for phishing campaigns in which victims unknowingly open booby-trapped archives, notes NIX Solutions. TAG stresses that such attacks remain effective even against vulnerabilities that are already known and patched, underlining the urgency for users to update their software.