Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw


A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations.

The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The shortcoming has been actively exploited since at least April 2023.

Google Threat Analysis Group (TAG), which detected the activities in recent weeks, attributed them to three different clusters it tracks under the geological monikers FROZENBARENTS (aka Sandworm), FROZENLAKE (aka APT28), and ISLANDDREAMS (aka APT40).

Read more…