{"id":174482,"date":"2023-10-20T03:03:16","date_gmt":"2023-10-20T08:03:16","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/10\/patch-now-apts-continue-to-pummel-winrar-bug"},"modified":"2023-10-20T03:03:16","modified_gmt":"2023-10-20T08:03:16","slug":"patch-now-apts-continue-to-pummel-winrar-bug","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/10\/patch-now-apts-continue-to-pummel-winrar-bug","title":{"rendered":"Patch Now: APTs Continue to Pummel WinRAR Bug"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/patch-now-apts-continue-to-pummel-winrar-bug.jpg\"><\/a><\/p>\n<p><a href=\"https:\/\/informatech.co\/3Fv2\">https:\/\/informatech.co\/3Fv2<\/a><\/p>\n<hr>\n<p>State-sponsored threat actors from <a href=\"https:\/\/www.darkreading.com\/ics-ot\/russia-midnight-blizzard-hackers-microsoft-teams-attacks\" target=\"_blank\">Russia<\/a> and <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/chinese-apt-targets-hong-kong-in-supply-chain-attack\" target=\"_blank\">China<\/a> continue to throttle the remote code execution (RCE) <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/lazarus-group-deathnote-cluster-pivots-defense-sector\" target=\"_blank\">WinRAR<\/a> vulnerability in unpatched systems to deliver malware to targets.<\/p>\n<p>Researchers at Google\u2019s Threat Analysis Group (TAG) have been tracking attacks in recent weeks that exploit <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38831\" target=\"_blank\">CVE-2023-38831<\/a> to deliver infostealers and backdoor malware, particularly to organizations in Ukraine and Papua New Guinea. 
The flaw is a known and patched vulnerability in RarLab\u2019s popular WinRAR file archiver tool for Windows, but systems that haven\u2019t been updated remain vulnerable.<\/p>\n<p>\u201cTAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations,\u201d Kate Morgan from Google TAG wrote in <a href=\"https:\/\/blog.google\/threat-analysis-group\/government-backed-actors-exploiting-winrar-vulnerability\/\" target=\"_blank\">a blog post<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/informatech.co\/3Fv2 State-sponsored threat actors from Russia and China continue to throttle the remote code execution (RCE) WinRAR vulnerability in unpatched systems to deliver malware to targets. Researchers at Google\u2019s Threat Analysis Group (TAG) have been tracking attacks in recent weeks that exploit CVE-2023-38831 to deliver infostealers and backdoor malware, particularly to organizations in Ukraine and 
[\u2026]<\/p>\n","protected":false},"author":662,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490],"tags":[],"class_list":["post-174482","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/174482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/662"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=174482"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/174482\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=174482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=174482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=174482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}