TechCrunch reports that numerous Russian and Chinese state-backed hacking operations have been leveraging an already patched WinRAR vulnerability, tracked as CVE-2023-38831, in recent attacks.
Malicious emails purporting to be from a Ukrainian drone warfare training academy, carrying an archive file that exploited CVE-2023-38831, were distributed by the Russian advanced persistent threat group Sandworm to deliver information-stealing malware last month, a report from Google's Threat Analysis Group revealed. Ukrainians were also targeted by the Russian hacking group APT28, also known as Fancy Bear, in a phishing campaign exploiting the same vulnerability.
Meanwhile, individuals in Papua New Guinea were targeted with attacks exploiting the flaw, conducted by the Chinese state-sponsored threat group APT40.
The findings, which follow a Cluster25 report that Russian hackers had used the WinRAR flaw in a phishing campaign, show that attackers continue to take advantage of slow vulnerability remediation to deploy attacks using known flaws, according to researchers.
A large Catholic nonprofit has hired Mandiant to investigate a still-unspecified cybersecurity incident that has reportedly forced hospitals in at least Maryland, Michigan, Kansas, and Wisconsin to shut down their systems.
Operational technology and internet-of-things cybersecurity provider Nozomi Networks and Google's Mandiant have forged an expanded threat intelligence collaboration aimed at bolstering industry and enterprise cybersecurity, reports SiliconAngle.
Boeing has confirmed that it is the unnamed multinational aeronautical and defense corporation from which the LockBit ransomware operation demanded a $200 million ransom, as mentioned in an unsealed indictment against LockBit administrator Dmitry Yuryevich Khoroshev, also known as LockBitSupp, according to CyberScoop.