Civil Servant Exploits WinRAR Vulnerability for Defense Company Spying

Information security company Sangfor Technologies discovered a series of phishing attacks that exploit a WinRAR vulnerability. The attacks lure victims with documents on geopolitical issues involving Belarus and Russia, and the emails are sent by someone impersonating a civil servant.

The attackers exploit the recently disclosed WinRAR vulnerability CVE-2023-38831 (CVSS 7.8), fixed in WinRAR 6.23. The attack succeeds when a victim opens a specially crafted archive in a vulnerable WinRAR version and double-clicks a seemingly harmless document inside it: the archive also contains a directory with the same name as that document, holding a script that WinRAR extracts alongside the decoy and that Windows then runs in its place. The phishing emails and attachments are carefully crafted to bypass email filtering, and the archive names and file contents vary from campaign to campaign.
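The file/directory name collision described above is easy to check for before an archive reaches a user. The following Python script is an added example, not code from Sangfor's report or from WinRAR: it lists the entries of a ZIP archive (the format most in-the-wild samples used) and flags any file entry that is shadowed by a same-named directory containing a script with an executable extension. The archive contents, the document name "Belarus_Russia_brief.pdf" and the `.cmd` payload stub are constructed sample data.

```python
import io
import posixpath
import zipfile

# Extensions Windows ShellExecute will run directly. A decoy document plus a
# same-named directory holding one of these is the layout CVE-2023-38831 abuses.
EXECUTABLE_EXTS = {
    ".cmd", ".bat", ".exe", ".com", ".scr", ".pif", ".vbs", ".vbe",
    ".js", ".jse", ".wsf", ".wsh", ".ps1", ".lnk", ".hta",
}


def find_cve_2023_38831_pairs(entry_names):
    """Return [(decoy, script)] pairs matching the CVE-2023-38831 layout.

    Layout: a file entry (the decoy the victim double-clicks) and a directory
    entry with exactly the same name, containing a script whose name starts
    with the decoy name and ends in an executable extension. A real filesystem
    cannot hold a file and a directory with the same name, so any such pair in
    an archive is anomalous on its own.
    """
    names = [n.replace("\\", "/") for n in entry_names]
    files = [n for n in names if not n.endswith("/")]
    findings = []
    for decoy in files:
        prefix = decoy + "/"
        decoy_base = posixpath.basename(decoy)
        for other in names:
            if other == decoy or not other.startswith(prefix):
                continue
            base = posixpath.basename(other)
            ext = posixpath.splitext(base)[1].lower()
            if base.startswith(decoy_base) and ext in EXECUTABLE_EXTS:
                findings.append((decoy, other))
    return findings


def scan_zip_bytes(data):
    """Scan an in-memory ZIP archive (bytes) and return the suspicious pairs."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return find_cve_2023_38831_pairs(zf.namelist())


def build_sample_archive(malicious):
    """Constructed sample data for the demo, not a real attack artifact.

    malicious=True reproduces the file/directory name collision (note the
    trailing space in the decoy name, as used by public exploits); False
    builds an ordinary archive with a document and a subfolder.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        if malicious:
            decoy = "Belarus_Russia_brief.pdf "  # trailing space is deliberate
            zf.writestr(decoy, b"%PDF-1.4\n% decoy document\n")
            zf.writestr(decoy + "/" + decoy + ".cmd",
                        b"@echo off\r\nrem placeholder stage-1 launcher\r\n")
        else:
            zf.writestr("Belarus_Russia_brief.pdf", b"%PDF-1.4\n% real document\n")
            zf.writestr("attachments/readme.txt", b"nothing to see here\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("malicious", True), ("benign", False)):
        hits = scan_zip_bytes(build_sample_archive(flag))
        print(f"{label}: {hits if hits else 'no CVE-2023-38831 layout found'}")
```

The check works on entry names only, so the same function can be fed the listing of a RAR archive from another parser; it is a cheap mail-gateway or sandbox pre-filter, not a substitute for updating WinRAR to 6.23 or later.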

The report includes a screenshot of an example phishing email (image not reproduced here). It describes the payload as follows:

“The malicious PowerShell script has been optimized over multiple iterations, increasing its ability to evade static detection. The script executes commands to download and install backdoors.”

Backdoors can be planted in software during development or, as in this campaign, installed on an already deployed system by malware. They give the attacker covert access for espionage and remote control of compromised systems and devices.
