A vulnerability in the WinRAR file compression software is still being exploited by hackers to attack government agencies.
According to TechRadar, security concerns about the popular file compression software WinRAR were first flagged in early 2022, when hackers took advantage of existing vulnerabilities in the software to attack early users.
The pattern is now repeating: a new report describes a hacking group known as APT29, also tracked as Cozy Bear/NOBELIUM, exploiting a WinRAR vulnerability to attack government agencies.
As reported by Bleeping Computer, Ukraine’s National Defense and Security Council (NDSC) announced that it observed APT29 targeting government agencies with phishing emails that exploit the vulnerability tracked as CVE-2023-38831.
CVE-2023-38831 is a vulnerability in the WinRAR file compression program, discovered in April this year. It allows hackers to create .RAR and .ZIP archives capable of executing malicious code in the background while the victim is paying attention to the contents shared inside the archive. Malware deployed by APT29 can steal information, including passwords stored in browsers, confidential documents, and system information.
According to the report, APT29 is targeting government organizations in Azerbaijan, Greece, Romania, and Italy. Victims receive a fake email offering a BMW car for sale, and while they are focused on viewing images of the car, malware is silently installed.
CVE-2023-38831 affects WinRAR versions older than 6.23. RAR Labs released a patch a few months ago and advises all users to install the patched version.
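
To act on the version boundary above, the following added example (not from the article or from RAR Labs) audits a software inventory export and flags hosts still running a WinRAR build older than 6.23. The CSV layout, host names and version strings are constructed for illustration; entries that are not a plain dotted version number are routed to manual review.

```python
import csv
import io
import re

# From the article: WinRAR versions older than 6.23 are affected.
FIXED = (6, 23)

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = """host,product,version
ws-001,WinRAR,6.11.0
ws-002,WinRAR,6.23.0
ws-003,WinRAR,5.91
ws-004,WinRAR,7.01
ws-005,WinRAR,6.23 beta 1
ws-006,7-Zip,23.01
ws-007,WinRAR,
"""

# Accepts "6.23", "6.23.0", etc. Anything else is not trusted as a version.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.\d+)*\s*$")


def classify(version):
    """Return 'vulnerable', 'patched' or 'review' for one version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "review"  # empty, pre-release or malformed: check by hand
    major, minor = int(m.group(1)), int(m.group(2))
    return "vulnerable" if (major, minor) < FIXED else "patched"


def audit(inventory_csv):
    """Group WinRAR hosts from a CSV export by patch status."""
    results = {"vulnerable": [], "patched": [], "review": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if "winrar" not in row["product"].lower():
            continue  # other archivers are out of scope for this check
        results[classify(row["version"])].append(row["host"])
    return results


if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```
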