Threat Actor Deploys Athena Agent in Advanced Spear Phishing Attack
Researchers have discovered a spear phishing attack on a Russian semiconductor supplier that exploited a critical vulnerability in WinRAR, tracked as CVE-2023-38831. The flaw lets a crafted archive run a script when the victim opens what looks like an ordinary document inside it: the archive holds a decoy file and a folder with the same name (both ending in a trailing space), and the folder contains a script whose name begins with the decoy's name, so opening the decoy in a vulnerable WinRAR launches the script instead. The bug was fixed in WinRAR 6.23. The exploit quickly gained traction in the dark web community and was adopted by multiple threat actors, including the APT-36 group. In this campaign, the phishing emails were disguised as official communications from the Ministry of Industry and Trade of Russia and carried an archive that, when opened, downloaded and executed the Athena Agent. Athena is a cross-platform agent for the Mythic C2 framework; it gives the operator complete control over the compromised host and offers features such as executing shellcode and capturing authentication details.
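A practitioner's first question is how to triage inbound archives for the CVE-2023-38831 layout described above. The following detector is an added example written for this page, not code from the original article or from any research cited in it. It checks only the structural pattern (decoy file with a trailing space, a same-named folder, an executable inside whose name starts with the decoy's name) and ignores payload contents; the two archives it builds are constructed in memory for illustration and contain an inert echo line rather than any real payload.

```python
import io
import zipfile

# Extensions that Windows ShellExecute will run directly; a hit inside the
# look-alike folder is what turns a trailing-space name into code execution.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".com", ".vbs", ".vbe", ".js",
                   ".jse", ".wsf", ".ps1", ".scr", ".pif", ".lnk"}


def find_cve_2023_38831_patterns(archive_bytes):
    """Scan a ZIP (given as bytes) for the CVE-2023-38831 layout.

    Returns a list of (decoy, payload) member-name pairs where:
      * decoy is a file whose name ends in a space, e.g. "Invoice.pdf ",
      * a directory with exactly that name exists ("Invoice.pdf /"), and
      * that directory holds an executable whose name starts with the decoy
        name, e.g. "Invoice.pdf /Invoice.pdf .cmd".
    This is a layout heuristic; it does not inspect payload contents.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        names = zf.namelist()
        # Candidate decoys: regular files (not directory entries) whose
        # final path component ends with a space.
        decoys = [n for n in names if not n.endswith("/") and n.endswith(" ")]
        for decoy in decoys:
            base = decoy.rsplit("/", 1)[-1]        # "Invoice.pdf "
            twin_dir = decoy + "/"                 # "Invoice.pdf /"
            for member in names:
                if not member.startswith(twin_dir) or member == twin_dir:
                    continue
                leaf = member[len(twin_dir):]
                if "/" in leaf:                    # only direct children matter
                    continue
                ext = leaf[leaf.rfind("."):].lower() if "." in leaf else ""
                if leaf.startswith(base) and ext in EXECUTABLE_EXTS:
                    findings.append((decoy, member))
    return findings


def build_sample_archive():
    """Constructed test archive with the CVE-2023-38831 layout.

    The 'payload' is an inert echo line, present only so the detector has
    something to find; no real exploit content is included.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.pdf ", b"%PDF-1.4 decoy, not a real document")
        zf.writestr("Invoice.pdf /Invoice.pdf .cmd", b"@echo constructed sample\r\n")
        zf.writestr("README.txt", b"benign file")
    return buf.getvalue()


def build_benign_archive():
    """Constructed control archive: ordinary names, no look-alike folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", b"%PDF-1.4 ordinary document")
        zf.writestr("notes/readme.txt", b"nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("sample", build_sample_archive()),
                        ("benign", build_benign_archive())):
        hits = find_cve_2023_38831_patterns(blob)
        print(f"{label}: {'SUSPICIOUS ' + repr(hits) if hits else 'clean'}")
```

Run it as a script to see the constructed sample flagged and the control archive reported clean. A mail-gateway rule would reasonably treat the weaker signal alone (any archive member whose name ends in a space) as suspicious, since the decoy extension and the script name are entirely attacker-chosen; the heuristic here is a layout check, so it says nothing about what the script does, and hosts running WinRAR 6.23 or later are not exploitable by this pattern in the first place.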