Google TAG: Multiple government-backed hacking groups exploiting WinRAR vulnerability


Devdiscourse News Desk | California | Updated: 18-10-2023 22:33 IST | Created: 18-10-2023 22:33 IST

A number of government-backed hacking groups from multiple countries were caught exploiting the known vulnerability, CVE-2023-38831, in WinRAR - a popular file archiver tool for Windows, Google’s Threat Analysis Group’s (TAG)

According to TAG, cybercrime groups began exploiting the WinRAR vulnerability in early 2023, when the bug was still unknown to defenders. RARLabs released an updated version of WinRAR with fixes for several security-related bugs in August 2023.

Many users still seem to be vulnerable, despite a patch being available, TAG said.

TAG has advised organizations and users to keep software fully up-to-date and to install security updates as soon as they become available. It also recommends using Google’s Safe Browsing and Gmail, which block files containing the exploit.

"These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easy for users to keep their software secure and up-to-date. TAG will continue to compile and share threat intelligence for the protection of online users and Google products, in the meantime, we encourage organizations and users to keep their software fully up-to-date," Kate Morgan, Threat Analysis Group, wrote in a blog post on Wednesday.
