Government-backed hackers from Russia and China have been exploiting a known vulnerability in outdated versions of WinRAR, the world’s most popular compression tool with more than 500 million users. Google’s Threat Analysis Group (TAG) said on Wednesday that it has observed a series of state-backed hacking campaigns exploiting the WinRAR flaw since early 2023.
“To ensure protection, we urge organizations and users to keep software up to date and install security updates as they become available,” Google’s Kate Morgan said in a TAG blog post.
The vulnerability exists in all of RARLAB’s WinRAR products prior to version 6.23, which was released in August shortly after the flaw was discovered. The vulnerability was brought to light by Group-IB, which revealed how hackers had infiltrated a financial forum full of traders, infected the devices of 130 forum members and withdrawn funds from their brokerage accounts.
“The cybercriminals are exploiting a vulnerability that allows them to spoof file extensions,” wrote Andrey Polovinkin, malware analyst at Group-IB, in a blog post in August. “They are able to hide the launch of a malicious script in an archive disguised as ‘.jpg’, ‘.txt’ or another file format.”
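As an added illustration (not code from Google, Group-IB or RARLAB), the check below scans an archive’s entry names for the disguise Polovinkin describes: a script extension hidden behind a harmless-looking ‘.jpg’ or ‘.txt’ name, either as a double extension or padded with whitespace so the real extension scrolls out of view. It uses Python’s `zipfile` module as a stand-in because the standard library cannot read RAR archives; the same name-based check applies to a bare listing from `unrar lb archive.rar`. The sample archive and its entry names are constructed here and are not taken from the real campaigns.

```python
import io
import re
import zipfile
from typing import List, Optional, Tuple

# Extensions that Windows (and WinRAR's double-click "open" action) will execute.
EXECUTABLE_EXTS = {".cmd", ".bat", ".exe", ".vbs", ".vbe", ".js", ".jse",
                   ".wsf", ".ps1", ".scr", ".com", ".hta", ".lnk", ".pif"}

# Harmless-looking "decoy" extensions, followed by whitespace or another dot,
# i.e. NOT the extension the OS will actually act on.
_DECOY_RE = re.compile(r"\.(jpe?g|png|gif|bmp|pdf|txt|docx?|xlsx?)(?=[\s.])", re.I)


def _basename(entry_name: str) -> str:
    """Strip any directory part; archives may use either slash style."""
    return entry_name.replace("\\", "/").rsplit("/", 1)[-1]


def real_extension(entry_name: str) -> str:
    """The extension the OS acts on: the last '.suffix' of the basename, lower-cased."""
    base = _basename(entry_name)
    dot = base.rfind(".")
    return base[dot:].lower() if dot > 0 else ""


def classify(entry_name: str) -> Optional[str]:
    """Return a reason string for an executable entry, or None if it is not executable.

    A 'disguised' verdict means a decoy extension appears before the real one,
    e.g. 'invoice.jpg .cmd' (whitespace padding) or 'photo.txt.exe' (double extension).
    """
    base = _basename(entry_name)
    ext = real_extension(base)
    if ext not in EXECUTABLE_EXTS:
        return None
    stem = base[: -len(ext)]
    decoy = _DECOY_RE.search(base)
    # The decoy must sit inside the stem, not be the real extension itself.
    if decoy and decoy.end() <= len(stem):
        trick = "padded with whitespace" if re.search(r"\s", stem) else "double extension"
        return f"executable {ext} disguised as {decoy.group(0).lower()} ({trick})"
    return f"executable {ext} entry"


def scan_names(names: List[str]) -> List[Tuple[str, str]]:
    """Run classify() over a list of entry names and keep the hits."""
    hits = []
    for name in names:
        reason = classify(name)
        if reason is not None:
            hits.append((name, reason))
    return hits


def scan_zip(data: bytes) -> List[Tuple[str, str]]:
    """Scan every file entry of a ZIP held in memory (directories are skipped)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [info.filename for info in zf.infolist() if not info.is_dir()]
    return scan_names(names)


def build_sample_archive() -> bytes:
    """Constructed sample: two benign files, two disguised scripts, one plain script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello")                  # benign
        zf.writestr("charts/chart.png", b"\x89PNG")         # benign
        zf.writestr("trading_tips.jpg .cmd", "calc.exe")    # decoy + whitespace padding
        zf.writestr("photo.txt.exe", b"MZ")                 # double extension
        zf.writestr("update.bat", "echo hi")                # executable, not disguised
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in scan_zip(build_sample_archive()):
        print(f"{name!r}: {reason}")
```

The whitespace-padding verdict is the one to treat as high-confidence: a legitimate file has no reason to carry a space between a decoy extension and a script extension, whereas a plain `.bat` entry may be benign and only warrants triage.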
Google identified Sandworm, a group linked to the Russian armed forces, as one of the actors exploiting this vulnerability in WinRAR. Using phishing campaigns, Sandworm specifically targeted users with ties to the energy and defense sectors in Ukraine and Eastern Europe. Another group was APT40, which Google links to China’s Ministry of State Security and which was found to be launching a malicious campaign against Papua New Guinea.
In the release notes for WinRAR 6.23, the first version to fix the bug, RARLAB thanked Group-IB and the Zero Day Initiative for alerting it to the vulnerability and said it “strongly recommends installing the latest version.”
It has long been known that users do not update their software as often as they should, especially those with little experience of computers.
“These recent campaigns exploiting the WinRAR flaw underscore the importance of patches and that there is still much work to be done to make it easier for users to keep their software secure and up to date,” Google’s TAG team said.