Phishing attacks leveraging a new high-severity WinRAR vulnerability, tracked as CVE-2023-38831, have been deployed by pro-Russian hacking operations in a bid to facilitate credential exfiltration, The Hacker News reports.
Malicious archive files exploiting the flaw sent to targeted systems enable the execution of a Windows Batch script and PowerShell commands, which provide remote access to attackers, as well as the distribution of a PowerShell script that allows the theft of login credentials and other data, which are later exfiltrated through webhook[.]site, a report from Cluster25 revealed.
Such findings come after Russian state-sponsored threat operation APT29 was reported by Mandiant to have strengthened its phishing attacks and increased its targeting of Ukraine during the first six months of the year. Various operations conducted by APT29 were noted to have involved simultaneous utilization of different infection chains.
Aside from tapping breached WordPress sites for first-stage payload hosting, APT29 also implemented enhanced obfuscation measures, according to Mandiant.
