WinRAR vulnerability exploited in new SideCopy attacks

Indian government organizations had their Windows and Linux systems targeted by two new attack campaigns from the Pakistan-linked advanced persistent threat operation SideCopy, one of which exploited a WinRAR security vulnerability to facilitate the deployment of several remote access trojans, The Hacker News reports. SideCopy is suspected to be a subgroup of APT36, also known as Transparent Tribe. Its attacks against Linux systems used an ELF binary to launch the Ares RAT payload, which has file enumeration, screenshot capturing, and file upload and download capabilities, while its intrusions against Windows systems exploited the WinRAR bug, tracked as CVE-2023-38831, to launch not only Ares RAT but also AllaKore RAT and the novel DRat and Key RAT trojans, a report from SEQRITE revealed. Aside from system data exfiltration and keylogging capabilities, AllaKore RAT could also enable file uploads and downloads and remote system access, while DRat could allow additional payload downloads and execution, according to researcher Sathwik Ram Prakki.