{"id":511894,"date":"2023-10-19T15:49:56","date_gmt":"2023-10-19T13:49:56","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=511894"},"modified":"2023-10-19T15:51:46","modified_gmt":"2023-10-19T13:51:46","slug":"state-backed-hackers-exploit-flaw-in-software-used-by-over-500-million-people","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/511894-state-backed-hackers-exploit-flaw-in-software-used-by-over-500-million-people.html","title":{"rendered":"State-backed hackers exploit flaw in software used by over 500 million people"},"content":{"rendered":"<p>Google&#8217;s Threat Analysis Group (TAG) <strong><a href=\"https:\/\/blog.google\/threat-analysis-group\/government-backed-actors-exploiting-winrar-vulnerability\/\" target=\"_blank\" rel=\"noopener\">says<\/a><\/strong> several state-backed hacking groups are exploiting a high-severity vulnerability in older versions of WinRAR \u2014 compression software over 500 million people use.<\/p>\n<p>These attackers aim to gain arbitrary code execution privileges on victims&#8217; systems by exploiting the vulnerability.<\/p>\n<p>TAG has observed that state-backed hackers from several countries, including the Sandworm, APT28, and APT40 groups from Russia and China, are exploiting the vulnerability.<\/p>\n<p>&#8220;In recent weeks, Google&#8217;s TAG has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, which is a popular file archiver tool for Windows,&#8221; said Google TAG.<\/p>\n<p>&#8220;A patch is now available, but many users still seem to be vulnerable. TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.&#8221;<\/p>\n<p>The WinRAR vulnerability has been actively exploited as a zero-day since April 2023. 
Threat actors attempt to gain access to targets&#8217; systems by tricking them into opening malicious RAR and ZIP archives.<\/p>\n<p>The bug has been used to deliver various malware payloads, including DarkMe, GuLoader, and Remcos RAT.<\/p>\n<p>In an attack in September, the Russian threat group Sandworm distributed Rhadamanthys infostealer malware via fake invitations to a Ukrainian drone flying school.<\/p>\n<p>APT28 attackers targeted Ukrainian users through exploits hosted on a server provided by a free hosting provider. They used a malicious IRONJAW PowerShell script to make off with browser credentials.<\/p>\n<p>Researchers also observed attacks against targets in Papua New Guinea from the Chinese threat group APT40.<\/p>\n<p>The threat actors distributed ISLANDSTAGER and BOXRAT, letting them establish long-term access to infected systems.<\/p>\n<hr \/>\n<h3 class=\"my-4\">Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/security\/511138-justice-department-wants-to-fight-r5-million-fine-over-ransomware-attack-in-court.html\" rel=\"bookmark\">Justice department wants to fight R5 million fine over ransomware attack in court<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>Google&#8217;s Threat Analysis Group observed that state-backed hackers from several countries, including the Sandworm, APT28, and APT40 groups from Russia and China, were exploiting a vulnerability in 
WinRAR.<\/p>\n","protected":false},"author":341076,"featured_media":512016,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[73164,90136,35,801,90134,33152],"class_list":["post-511894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-apt28","tag-apt40","tag-headline","tag-malware","tag-sandworm","tag-winrar"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/511894"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=511894"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/511894\/revisions"}],"predecessor-version":[{"id":512010,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/511894\/revisions\/512010"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/512016"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=511894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=511894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=511894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}