Tag

Ngrok

All articles tagged with #ngrok

cybersecurity | 2 years ago

"Russian APT Groups Exploit WinRAR Vulnerability to Target Embassies"

APT29, a Russian state-sponsored hacker group also known by various other names including Cozy Bear and SolarStorm, has been exploiting the CVE-2023-38831 vulnerability in WinRAR to target embassy entities. The group has been using a BMW car sale lure to deliver a malicious ZIP archive that runs a script in the background, allowing the attackers to download and execute a payload. APT29 has also been using Ngrok's new free static domains feature to hide its communication with compromised systems. The Ukrainian National Security and Defense Council (NSDC) has provided indicators of compromise (IoCs) for detection.