"Russian APT Groups Exploit WinRAR Vulnerability to Target Embassies"

November 19, 2023 at 04:14 PM

•

1 min read

"Russian APT Groups Exploit WinRAR Vulnerability to Target Embassies" — Photo: BleepingComputer

TL;DR Summary

A state-sponsored Russian hacker group known as APT29, or various other names including Cozy Bear and SolarStorm, has been exploiting the CVE-2023-38831 vulnerability in WinRAR to target embassy entities. They have been using a BMW car sale lure to deliver a malicious ZIP archive that runs a script in the background, allowing them to download and execute a payload. APT29 has also been utilizing Ngrok's new feature of free static domains to hide their communication with compromised systems. The Ukrainian National Security and Defense Council (NDSC) has provided indicators of compromise (IoCs) for detection.

Topics:business #apt29 #cybersecurity #embassy-attacks #ngrok #russian-hackers #winrar-exploit

Share this article

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies BleepingComputer
DarkCasino joins the list of APT groups exploiting WinRAR zero-day Security Affairs
Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies Security Affairs
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

82%

518 → 94 words

Want the full story? Read the original article

Read on BleepingComputer

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights