State threat Actors on the rise: Malware group targets
Google TAG had alerted the public in October that state-backed threat actors were beginning to use new tactics. WinRAR had been compromised. Now the popular compression software has been used to target government entities in India and other countries. In the newest string of attacks Side Copy is a hacking group that has been leveraging a WinRAR Flaw to attack Indian infrastructure.
In these attacks, users from Ukraine were also targeted when prompted to download a file containing a CVE-2023-38831 exploit – a decoy document that masqueraded as an event invitation from Razumkov Centre, a public policy think tank in the country.
The result is the execution of a PowerShell script named IRONJAW that steals browser login data and local state directories and exports the information to an actor-controlled infrastructure on webhook[.]site.
State threat actors will likely continue to exploit this flaw.
WinRAR is a very popular app and is now easily exploited
This could result in sensitive information being compromised or your system being used for malicious purposes. Additionally, the fact that government entities in India are being targeted highlights the potential severity of the issue. It underscores the importance of promptly addressing software vulnerabilities to safeguard your digital assets and sensitive data.
It’s crucial for affected organizations to update their WinRAR software to patch this vulnerability and enhance their cybersecurity measures. Ensuring your software is up to date can help protect your businesses from malicious attacks.
If you have any doubts about your IT security please reach out to Britec. Our seasoned team of professionals would be glad to assist you to ensure your business is protected.