
Google Warns of State-Backed and Cybercriminal Exploitation of Patched WinRAR Vulnerability
Tags: Malware, Security, backdoor, Carpathian, Cybersecurity, Google, GTIG, Poison Ivy, RomCom, Russia, Vulnerability, WinRAR
The Google Threat Intelligence Group (GTIG) reports that both state-backed actors and financially motivated cybercriminals are exploiting an already patched WinRAR vulnerability, CVE-2023-38831. The flaw allows code execution when a user opens a file from a specially crafted RAR archive. Groups identified include RomCom, linked to campaigns targeting Ukraine and organizations in Europe, as well as actors using tools such as Poison Ivy and Carpathian. The attacks aim to deploy malware, including backdoors, delivered through modified copies of legitimate files. The source also mentions campaigns tied to Russian infrastructure.