Security News > 2023 > October > Google links WinRAR exploitation to multiple state hacking groups

Google links WinRAR exploitation to multiple state hacking groups
2023-10-18 15:00

Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.

Google's Threat Analysis Group, a team of security experts who defend Google users from state-sponsored attacks, has detected state hackers from several countries targeting the bug, including the Sandworm, APT28, and APT40 threat groups from Russia and China.

"In recent weeks, Google's Threat Analysis Group's has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows," Google said today.

Within hours of Group-IB disclosing their findings, proof of concept exploits began surfacing on public GitHub repositories, immediately leading to what Google TAG describes as CVE-2023-38831 "Testing activity" by financially motivated hackers and APT groups.

"The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available. Even the most sophisticated attackers will only do what is necessary to accomplish their goals," Google said.

Russian Sandworm hackers breached 11 Ukrainian telcos since May. WinRAR zero-day exploited since April to hack trading accounts.


News URL

https://www.bleepingcomputer.com/news/security/google-links-winrar-exploitation-to-multiple-state-hacking-groups/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-08-23 CVE-2023-38831 Insufficient Verification of Data Authenticity vulnerability in Rarlab Winrar
RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive.
local
low complexity
rarlab CWE-345
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Google 102 253 4216 4506 727 9702