2023-10-19
State-Sponsored Threat Actors are Exploiting Known WinRAR Vulnerability
Google’s Threat Analysis Group (TAG) has “observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR,” a Windows file archiving utility. The high-severity bug has been exploited in the wild since early 2023; RARLAB released WinRAR 6.23 in August to fix it, yet installs that have not been updated to 6.23 or later are still being targeted.
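The practical question this item raises is whether any host still runs a WinRAR older than 6.23. The script below is an added example, not part of the original article or anything from Google TAG or RARLAB: it enumerates WinRAR entries in the standard Windows Uninstall registry keys, falls back to the default install path, and flags anything below the fixed version. The cut-off of 6.23 comes from the article; the registry locations, default path, and the way WinRAR formats its version strings are assumptions, so unparseable versions are reported rather than silently ignored.

```powershell
# Added example (not from the original article): flag WinRAR installs older
# than 6.23, the release the article identifies as fixing CVE-2023-38831.
# Assumptions: installs are discoverable via the standard Uninstall keys or
# the default "WinRAR\WinRAR.exe" path; version strings start with a dotted
# numeric part such as "6.23.0".
$FixedVersion = [version]'6.23'

function ConvertTo-VersionSafe([string]$Text) {
    # Keep only the leading dotted-numeric part (e.g. "6.23.0" from
    # "6.23.0 (64-bit)"); return $null if there is nothing parseable.
    if ($Text -match '^\s*(\d+(\.\d+){1,3})') {
        try { return [version]$Matches[1] } catch { return $null }
    }
    return $null
}

function Get-WinRarInstalls {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Registered installs: anything whose DisplayName starts with "WinRAR".
    $found = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            [pscustomobject]@{
                Source  = 'Registry'
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Path    = $_.InstallLocation
            }
        })
    # Fallback: the default install location, which also catches copies whose
    # uninstall entry is missing. (Assumed path; portable copies elsewhere
    # will not be found by this check.)
    foreach ($dir in @($env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if (-not $dir) { continue }
        $exe = Join-Path $dir 'WinRAR\WinRAR.exe'
        if (Test-Path $exe) {
            $found += [pscustomobject]@{
                Source  = 'File'
                Name    = 'WinRAR.exe'
                Version = (Get-Item $exe).VersionInfo.ProductVersion
                Path    = $exe
            }
        }
    }
    return $found
}

$installs = Get-WinRarInstalls
if (-not $installs) { 'No WinRAR installation found.'; return }

foreach ($inst in $installs) {
    $v = ConvertTo-VersionSafe $inst.Version
    if ($null -eq $v) {
        $status = 'UNKNOWN (could not parse version; inspect manually)'
    } elseif ($v -lt $FixedVersion) {
        $status = 'VULNERABLE (update to 6.23 or later)'
    } else {
        $status = 'OK'
    }
    '{0,-8} {1,-20} {2,-10} {3}  {4}' -f $inst.Source, $inst.Name, $inst.Version, $status, $inst.Path
}
```

Run it per host, or wrap the body in `Invoke-Command -ComputerName` to sweep a fleet. Comparing against `[version]'6.23'` rather than `'6.23.0'` matters: `[version]` treats a missing build component as lower than zero, so a two-part cut-off avoids falsely flagging a fixed "6.23.0" install.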
Editor's Note
You may be noticing a recurring theme of exploiting unpatched vulnerabilities recently. The takeaway is to make sure that you’re applying patches, particularly critical ones, in a timely fashion. Where you have long intervals between updates, e.g., in business- or mission-critical systems, maximize the defenses around those to reduce the risk. Updates to end-user, commodity, and perimeter systems should be standardized changes so you can apply patches rapidly.
![Lee Neely](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt287a7a830c1223e8/60285112efec26565b3dc240/Lee-Neely-headshot-768x1024.png)
Lee Neely
This is an example of cybercriminals ‘banking’ on organizations’ slowness in downloading and installing software updates. The zero-day was first seen in the wild in early April, but you really couldn’t do much but monitor for signs of attack. Fast-forward to August: an update is released that fixes the underlying vulnerability. Fast-forward again to October, and organizations are still being exploited. Unfortunately, there is still a lot of work to be done in automating the software update process to get out in front of the exploit cycle.
![Curtis Dukes](https://images.contentstack.io/v3/assets/blt36c2e63521272fdc/blt2a96d77f89dabfce/6179106bc05249199df194eb/CD_CISO.jpg)
Curtis Dukes
Read more in:
Google: Government-backed actors exploiting WinRAR vulnerability
Dark Reading: Patch Now: APTs Continue to Pummel WinRAR Bug
Bleeping Computer: Google links WinRAR exploitation to Russian, Chinese state hackers
Gov Infosecurity: Nation-State Hackers Exploiting WinRAR, Google Warns