State-sponsored threat actors from Russia and China continue to throttle the remote code execution (RCE) WinRAR vulnerability in unpatched systems to deliver malware to targets.
Researchers at Google’s Threat Analysis Group (TAG) have been tracking attacks in recent weeks that exploit CVE-2023–38831 to deliver infostealers and backdoor malware, particularly to organizations in Ukraine and Papua New Guinea. The flaw is a known and patched vulnerability in RarLab’s popular WinRAR file archiver tool for Windows, but systems that haven’t been updated remain vulnerable.
“TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations,” Kate Morgan from Google TAG wrote in a blog post.
Leave a reply