Google's Threat Analysis Group (TAG) has found that state-backed threat actors are still exploiting a known vulnerability in WinRAR, the popular file archiver for Windows, months after a fix was released. The flaw, tracked as CVE-2023-38831, was first exploited in early 2023 by cybercrime groups before defenders identified it. Group-IB researchers, who first reported it, published details on August 25, 2023 of a zero-day that was being exploited worldwide against the devices of some 130 traders to steal funds. The bug was fixed in WinRAR 6.23 in August 2023, and the current 6.24 release also carries the fix, but WinRAR has no auto-update feature, so users have to download and install the patched version themselves. Many have not.

TAG's Kate Morgan wrote in a report published on 18 October that, although a patch was released soon after the bug was discovered, many devices remain unpatched and vulnerable to exploitation. In research shared with TechCrunch ahead of publication, TAG said it had observed multiple campaigns exploiting the bug, tied to government-backed groups with links to Russia and China, and noted that "many users" who have not updated the app remain exposed.

TAG describes the flaw as "a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows' ShellExecute when attempting to open a file with an extension containing spaces." In practice the lure is a ZIP archive holding a harmless-looking file (a document or image) and a folder whose name is that same filename plus a trailing space, with an executable inside the folder. When the victim double-clicks the decoy from within WinRAR, the temporary extraction also expands the matching folder, and ShellExecute, handed the space-bearing name, runs the executable instead of opening the decoy. The result is arbitrary code execution on the victim's device: attackers can steal sensitive data, install malware, and take over the computer.

TAG said three different clusters of state-sponsored attackers are involved. Sandworm, which TAG tracks as FROZENBARENTS, is affiliated with Unit 74455 of the Russian Armed Forces' Main Directorate of the General Staff (GRU) and favours targets in the energy sector. It is known for destructive attacks such as NotPetya, the 2017 wiper dressed up as ransomware that primarily hit organisations in Ukraine before spreading worldwide, and it is blamed for the separate 2015 and 2016 attacks that cut power in parts of Ukraine. On September 6 it launched an email campaign built around a Ukrainian drone-warfare lure that exploited the bug to deliver a malicious ZIP archive. APT28, also known as Fancy Bear and tracked by TAG as FROZENLAKE, is another GRU-linked group; it used the bug in a spear-phishing campaign against Ukrainian government entities. APT40, tracked as ISLANDDREAMS, is associated with the Chinese government and exploited the bug in late August in a phishing campaign against targets in Papua New Guinea.

The report concludes that this activity shows "exploits for known vulnerabilities can be highly effective, despite a patch being available", and underlines the importance of applying security patches promptly. Google has urged users to apply the latest WinRAR patch immediately to keep their devices from being compromised by state-backed actors.

Update Your WinRAR Installer to the Latest Version

To protect your system and personal data, make sure your WinRAR installation is at version 6.23 or later. Because WinRAR does not update itself, check the installed version and download the latest release from the official website (rarlab.com); don't wait for an update prompt that will never come. Updating gives you the latest security fixes and significantly reduces the risk of falling victim to this attack. Organisations should inventory installed WinRAR versions as part of a robust vulnerability management program and deploy endpoint security that can catch archive-based lures. Your digital security depends on it.
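As an added example (not code from the article, from Google TAG, Group-IB or RARLAB), the Python script below flags ZIP archives that use the CVE-2023-38831 lure layout: a decoy file X beside a folder named "X " (the same name plus a trailing space) that holds an executable whose name starts with "X ". It also checks a WinRAR version string against the 6.23 fix level the article cites. The executable-extension list, the function names and the two sample archives are constructed for this example; the sample archive is inert (its .cmd file only echoes a line of text).

```python
"""
Constructed scanner for the CVE-2023-38831 ZIP lure layout plus a WinRAR
version check. Added example; not the article's or any vendor's code.

Assumed layout (the publicly documented trigger, stated as an assumption
here): decoy file "X", sibling folder "X " (trailing space), and inside it
a file "X <anything>.cmd" or another directly executable extension.
"""
import io
import posixpath
import sys
import zipfile

# File types Windows runs directly when handed to ShellExecute.
# Constructed list for this example; extend it for your environment.
EXEC_EXTENSIONS = {
    ".cmd", ".bat", ".exe", ".com", ".scr", ".pif", ".vbs", ".js",
    ".jse", ".wsf", ".hta", ".ps1", ".lnk",
}

# First WinRAR release carrying the fix, as cited in the article.
FIXED_VERSION = (6, 23)


def find_suspicious_pairs(names):
    """Return (decoy, folder, executable) triples for the trigger layout.

    `names` are entry names exactly as stored in the archive: ZIP paths use
    forward slashes, and explicit directory entries end with "/".
    """
    files = [n for n in names if not n.endswith("/")]
    findings = []
    for decoy in files:
        parent, base = posixpath.split(decoy)
        # Folder whose name is the decoy's name with one trailing space.
        folder = posixpath.join(parent, base + " ") + "/"
        for member in files:
            if not member.startswith(folder):
                continue
            inner = member[len(folder):]
            if "/" in inner:
                continue  # deeper nesting is not the trigger layout
            ext = posixpath.splitext(inner)[1].lower()
            # WinRAR hands "X " to ShellExecute; the space-bearing extension
            # quirk lets "X .cmd" (etc.) in that folder run instead.
            if inner.startswith(base + " ") and ext in EXEC_EXTENSIONS:
                findings.append((decoy, folder, member))
    return findings


def scan_archive(source):
    """Scan a path or file-like object; returns the list of findings."""
    with zipfile.ZipFile(source) as zf:
        return find_suspicious_pairs(zf.namelist())


def is_vulnerable_version(version):
    """True when a WinRAR version string such as "6.22" predates the fix."""
    parts = version.strip().split()[0].split(".")
    major = int(parts[0])
    minor = int(parts[1]) if len(parts) > 1 else 0
    return (major, minor) < FIXED_VERSION


def build_sample_archive():
    """Constructed, inert in-memory archive with the trigger layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "decoy document\n")
        # The folder entry is implied by the member path below.
        zf.writestr("readme.txt /readme.txt .cmd", "@echo harmless test\r\n")
    buf.seek(0)
    return buf


def build_benign_archive():
    """Constructed archive with a .cmd in an unrelated folder (no hit)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "a real readme\n")
        zf.writestr("scripts/build.cmd", "@echo build\r\n")
    buf.seek(0)
    return buf


def main(argv):
    targets = argv[1:]
    if not targets:
        # No paths given: run against the constructed samples.
        print("sample:", scan_archive(build_sample_archive()))
        print("benign:", scan_archive(build_benign_archive()))
        return 0
    hits = 0
    for path in targets:
        for decoy, folder, member in scan_archive(path):
            hits += 1
            print(f"{path}: decoy {decoy!r} shadowed by {member!r} in {folder!r}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with one or more archive paths to get a non-zero exit status on a hit, or with no arguments to see the constructed samples. The match is deliberately strict (same base name, one trailing space, executable extension) so it can run over a mail gateway's attachment stream without drowning analysts in false positives; loosen it if you are hunting rather than alerting.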