Russian and Chinese state-backed hackers have been exploiting a vulnerability in outdated versions of WinRAR, a popular compression tool. Google's Threat Analysis Group (TAG) has observed numerous hacking campaigns taking advantage of the bug since early 2023. Google is urging organizations and individuals to keep their software current and install security updates promptly; the bug has a patch, and the campaigns succeed only against installs that have not applied it.
According to Google, the vulnerability is present in all WinRAR versions prior to 6.23, which was released in August 2023 after the bug was discovered. The vulnerability was first brought to public attention by Group-IB, a cybersecurity company, which showed how attackers had used it against members of a finance forum: victims opened booby-trapped archives, and the attackers then withdrew funds from their brokerage accounts.
The attackers disguised their malicious scripts inside archives that appeared to hold harmless files such as .jpg images or .txt documents. The lure archive contains a decoy file with an innocuous name and, alongside it, a folder with the same name holding a script; when a user double-clicks the decoy in a vulnerable WinRAR, the script runs instead of the file being shown. Google named Sandworm and APT40 among the groups exploiting the WinRAR vulnerability. Sandworm targeted individuals associated with the energy and defense sectors in Ukraine and Eastern Europe, delivering the archives through phishing campaigns. APT40 ran a malicious campaign against targets in Papua New Guinea.
RARLAB, the company responsible for WinRAR, thanked Group-IB and the Zero Day Initiative for reporting the vulnerabilities fixed in the release and strongly advised users to install the latest version of WinRAR. WinRAR has no automatic update mechanism, so users on older builds stay exposed until they download and install the new version themselves; this incident underlines the ongoing problem of software left unpatched. Google's TAG team stresses the importance of patching and of making updates easy to apply, so that users can keep their systems secure without extra effort.