Government-Backed Actors Exploiting WinRAR Vulnerability
Google's Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting a known vulnerability in WinRAR, a popular file archiver tool for Windows. The vulnerability, tracked as CVE-2023-38831, allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. Cybercrime groups have been exploiting this vulnerability since early 2023, and although a patch is available, many users remain vulnerable. TAG recommends keeping software up to date by installing security updates promptly. The article also provides details on specific campaigns conducted by various government-backed groups exploiting the WinRAR vulnerability. It emphasizes the importance of patching and keeping software secure to prevent such exploits. The article concludes with a list of indicators of compromise (IoCs) associated with these campaigns.
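As an added, defender-side example (not code from the original article or from TAG), the following Python check scans a ZIP for the archive layout publicly documented for CVE-2023-38831, which the summary above does not spell out: a top-level decoy file next to a directory of the same name plus a trailing space, holding a script that reuses the decoy's name. The extension list and the in-memory sample archives are constructed for this example and are assumptions, not real samples.

```python
import io
import posixpath
import zipfile

# Script/binary extensions a double-click would hand to the shell.
# Assumption: an illustrative set for this example, extend to local policy.
EXEC_EXTS = {".cmd", ".bat", ".exe", ".com", ".vbs", ".js", ".ps1", ".scr"}


def find_cve_2023_38831_pattern(data: bytes) -> list:
    """Scan a ZIP (as bytes) for the documented CVE-2023-38831 layout:
    a top-level decoy 'X.ext' next to a directory 'X.ext ' (trailing
    space) that holds a script named like 'X.ext .cmd'.
    Returns (decoy, payload_path) pairs; an empty list means no match."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    files = [n for n in names if not n.endswith("/")]
    # Directory entries are often implicit, so derive them from file paths.
    dirs = {n.rstrip("/") for n in names if n.endswith("/")}
    dirs.update(posixpath.dirname(n) for n in files if "/" in n)
    findings = []
    for decoy in (n for n in files if "/" not in n):
        # A directory whose name equals the decoy except for trailing spaces.
        twins = [d for d in dirs if d != decoy and d.rstrip(" ") == decoy]
        for d in twins:
            for path in files:
                if posixpath.dirname(path) != d:
                    continue
                base = posixpath.basename(path)
                ext = posixpath.splitext(base)[1].lower()
                # Payload mimics the decoy name and carries a runnable extension.
                if base.startswith(decoy) and ext in EXEC_EXTS:
                    findings.append((decoy, path))
    return findings


def build_sample(malicious: bool) -> bytes:
    """Constructed in-memory archives for demonstration (not real samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", b"%PDF-1.4 constructed decoy")
        if malicious:
            zf.writestr("invoice.pdf /invoice.pdf .cmd", b"echo constructed\r\n")
        else:
            zf.writestr("invoice/notes.txt", b"constructed benign sibling")
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(flag, find_cve_2023_38831_pattern(build_sample(flag)))
```

A hit is a triage signal for mail-gateway or sandbox pipelines, not proof of exploitation; the patched WinRAR release remains the actual fix.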