Tag

Winrar Exploit

All articles tagged with #winrar exploit

Ukrainian Firms Under Attack: WinRAR Exploit Unleashes LONEPAGE Malware

Originally Published 2 years ago — by The Hacker News

Source: The Hacker News

The threat actor UAC-0099 has been targeting Ukrainian firms using a high-severity vulnerability in WinRAR to distribute the LONEPAGE malware. The attacks involve phishing messages with HTA, RAR, and LNK file attachments, leading to the deployment of LONEPAGE, a VBS malware capable of retrieving additional payloads. UAC-0099 has gained unauthorized remote access to several dozen computers in Ukraine. The group also utilizes self-extracting archives and ZIP files to exploit the WinRAR vulnerability. The attacks rely on PowerShell and the creation of a scheduled task to execute a VBS file. Additionally, CERT-UA has warned of a new wave of phishing messages attributed to UAC-0050, spreading the Remcos RAT.

"Russian APT Groups Exploit WinRAR Vulnerability to Target Embassies"

Originally Published 2 years ago — by BleepingComputer

Source: BleepingComputer

A state-sponsored Russian hacker group known as APT29, and by various other names including Cozy Bear and SolarStorm, has been exploiting the CVE-2023-38831 vulnerability in WinRAR to target embassy entities. The group has been using a BMW car sale lure to deliver a malicious ZIP archive that runs a script in the background, allowing it to download and execute a payload. APT29 has also been using Ngrok's new feature of free static domains to hide its communication with compromised systems. The Ukrainian National Security and Defense Council (NDSC) has provided indicators of compromise (IoCs) for detection.