WinRAR Vulnerability Exploited by Pro-Russian Hackers in Credential Harvesting Campaign

  • Pro-Russian hackers target WinRAR flaw in a new phishing campaign to steal user credentials
  • APT29 intensifies phishing operations against diplomatic entities and Ukraine
  • Users urged to stay vigilant and update software due to the WinRAR vulnerability

Pro-Russian hacking groups have launched a new phishing campaign that exploits a recently disclosed security vulnerability in the WinRAR archiving utility. The campaign is designed to harvest credentials from compromised systems. The development comes as Google-owned Mandiant charted Russian nation-state actor APT29’s “rapidly evolving” phishing operations targeting diplomatic entities amid an uptick in tempo and an emphasis on Ukraine in the first half of 2023. Ukrainian cybersecurity agencies, in a report last month, also revealed that Kremlin-backed threat actors targeted domestic law enforcement entities to collect information about Ukrainian.

The phishing campaign is initiated by sending emails that appear to be from legitimate sources, such as banks or other financial institutions, to trick users into clicking on a malicious link or downloading an attachment that contains malware. The malware then exploits the WinRAR vulnerability to gain access to the system and harvest credentials.

The WinRAR vulnerability was first disclosed in September 2023 and allows attackers to execute arbitrary code on a victim’s system. The vulnerability affects all versions of WinRAR prior to version 6.0.

This recent campaign highlights the need for users to be vigilant when receiving emails from unknown sources and to ensure that their software is up to date with the latest security patches. It also underscores the ongoing threat posed by pro-Russian hacking groups and their continued targeting of Ukraine and other countries.
