Russian State-Sponsored Hacking Group Abusing WinRAR Vulnerability To Target Embassies
Another Russian state-sponsored hacking group, APT29 (also known as UNC3524, NobleBaron, Dark Halo, NOBELIUM, Cozy Bear, CozyDuke, and SolarStorm), is exploiting the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 has been targeting embassy entities with a lure related to a BMW car sale. The security flaw, present in WinRAR versions before 6.23, allows the creation of .RAR and .ZIP archives that execute code in the background for malicious purposes. This zero-day vulnerability has been exploited since April and is being used by threat actors to target cryptocurrency and stock trading forums.