Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks
Attack Report
Summary
A series of phishing attacks linked to a Russian state-sponsored group leverages a WinRAR vulnerability to steal data, including browser credentials, using PowerShell commands, and exfiltrates it through a legitimate service.