The Rise of DarkCasino APT Group Exploiting WinRAR 0-Day

Summary:

DarkCasino, an APT group with economic motivations, was initially identified in 2021. The group introduced DarkMe, a Trojan Horse program based on Visual Basic. Recently, DarkCasino has been linked to the zero-day exploitation of CVE-2023-38831, an arbitrary code execution vulnerability found in WinRAR software. The group leverages this vulnerability in phishing attacks, launching the final malicious payload, DarkMe.

Threat Level – Red | Actor Report

For a detailed threat advisory, download the PDF file here.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.