Threat Intelligence
Attacks exploiting WinRAR zero-day linked to Russian, Chinese hackers
TechCrunch reports that numerous Russian and Chinese state-backed hacking operations have been leveraging an already patched WinRAR vulnerability, tracked as CVE-2023-38831, in recent attacks.
Last month the Russian advanced persistent threat group Sandworm distributed malicious emails, purporting to come from a Ukrainian drone warfare training academy, that carried an archive file exploiting CVE-2023-38831 in order to deliver information-stealing malware, according to a report from Google's Threat Analysis Group. Ukrainians were also targeted by the Russian hacking group APT28, also known as Fancy Bear, in a phishing campaign exploiting the same vulnerability.
Meanwhile, individuals in Papua New Guinea were targeted with exploits for the flaw by the Chinese state-sponsored threat group APT40.
The findings, which follow a Cluster25 report of Russian hackers using the WinRAR flaw in a phishing campaign, show how attackers continue to take advantage of slow vulnerability remediation by building attacks around known, already-patched flaws, according to researchers.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news