State-Backed Cyber Actors from Russia and China Are Exploiting WinRAR Vulnerability

UK body overturns Clearview AI penalty, Finnish mental health clinic hacker faces seven years in prison, Pro-Ukraine hacktivists shut down Trigona leak site, New 23andme profiles leaked, much more

Mil.ru, CC BY 4.0 <https://creativecommons.org/licenses/by/4.0>, via Wikimedia Commons

Google security researchers say they have found evidence that government-backed hackers linked to Russia and China are exploiting a since-patched vulnerability in WinRAR, the popular shareware archiving tool for Windows.

WinRAR tracked as CVE-2023-38831, allows attackers to hide malicious scripts in archive files masquerading as seemingly innocuous images or text documents.

Rarlab, which makes the archiving tool, released an updated version of WinRAR (version 6.23) on August 2 to patch the vulnerability.

Despite this, Google’s Threat Analysis Group (TAG) said this week that its researchers have observed multiple government-backed hacking groups exploiting the security flaw, noting that “many users” who have not updated the app remain vulnerable.

TAG says it has …