Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
Members
Current visitors
New profile posts
Search profile posts
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Home
Forums
CARDING & HACKING
Carding News
Civil servant used WinRAR vulnerability to spy on defense companies
Message
<blockquote data-quote="Plotu" data-source="post: 431" data-attributes="member: 5"><p>How does the CIA's tool relate to such a deliberate attack?</p><p></p><p>The information security company Sangfor discovered a series of phishing attacks that exploit a vulnerability in WinRAR. Documents related to the geopolitical issues of Belarus and Russia serve as bait for victims, and the sender of emails is a person posing as a government employee.</p><p></p><p>The attack is carried out using the recently discovered WinRAR vulnerability CVE-2023-38831 (CVSS: 7.8). The attack is triggered if the user opens a malicious archive using a vulnerable version of WinRAR. Phishing emails and attachments are carefully prepared to circumvent email filtering systems. The names of archives and the contents of decoy documents are adapted for various purposes.</p><p></p><p><img src="https://www.securitylab.ru/upload/medialibrary/4f6/nfxp86o2c14lzo5cnjr0iicn569vkpuo.png" alt="nfxp86o2c14lzo5cnjr0iicn569vkpuo.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p><em>Example of a phishing email</em></p><p></p><p>The malicious Powershell script has been optimized over many iterations, which increases the degree of obfuscation and helps bypass static detection. Operator commands download and install the Athena backdoor using Discord as a communication channel to the Command and Control server (C2). The target is organizations with geopolitical significance, including defense industry enterprises, research institutions, and financial organizations.</p><p></p><p>In 2017, the WikiLeaks portal traditionally published a portion of CIA hacking tools, including the Athena backdoor. The tool is able to download malware to the victim's computer to perform certain tasks, as well as add/extract files to/from certain directories on the attacked system. An attacker can change the settings during program execution, depending on the task at hand. Thus, Athena allows you to gain control over a Windows computer and get any information.</p><p></p><p>It is noted that attackers show rapid development of abilities and adaptation to changes in the situation. The researchers said that taking into account various factors, the incident is most likely not the work of cybercriminals – it is likely that an previously unknown APT group (Advanced Persistent Threat) is behind the attacks.</p><p></p><p>The specified error in WinRAR has already been used by North Korean hackers. As part of the campaign, when a victim tries to open an archived HTML file in an email, malicious code is activated, allowing attackers to gain remote access to the system.</p></blockquote><p></p>
[QUOTE="Plotu, post: 431, member: 5"] How does the CIA's tool relate to such a deliberate attack? The information security company Sangfor discovered a series of phishing attacks that exploit a vulnerability in WinRAR. Documents related to the geopolitical issues of Belarus and Russia serve as bait for victims, and the sender of emails is a person posing as a government employee. The attack is carried out using the recently discovered WinRAR vulnerability CVE-2023-38831 (CVSS: 7.8). The attack is triggered if the user opens a malicious archive using a vulnerable version of WinRAR. Phishing emails and attachments are carefully prepared to circumvent email filtering systems. The names of archives and the contents of decoy documents are adapted for various purposes. [IMG alt="nfxp86o2c14lzo5cnjr0iicn569vkpuo.png"]https://www.securitylab.ru/upload/medialibrary/4f6/nfxp86o2c14lzo5cnjr0iicn569vkpuo.png[/IMG] [I]Example of a phishing email[/I] The malicious Powershell script has been optimized over many iterations, which increases the degree of obfuscation and helps bypass static detection. Operator commands download and install the Athena backdoor using Discord as a communication channel to the Command and Control server (C2). The target is organizations with geopolitical significance, including defense industry enterprises, research institutions, and financial organizations. In 2017, the WikiLeaks portal traditionally published a portion of CIA hacking tools, including the Athena backdoor. The tool is able to download malware to the victim's computer to perform certain tasks, as well as add/extract files to/from certain directories on the attacked system. An attacker can change the settings during program execution, depending on the task at hand. Thus, Athena allows you to gain control over a Windows computer and get any information. It is noted that attackers show rapid development of abilities and adaptation to changes in the situation. The researchers said that taking into account various factors, the incident is most likely not the work of cybercriminals – it is likely that an previously unknown APT group (Advanced Persistent Threat) is behind the attacks. The specified error in WinRAR has already been used by North Korean hackers. As part of the campaign, when a victim tries to open an archived HTML file in an email, malicious code is activated, allowing attackers to gain remote access to the system. [/QUOTE]
Name
Verification
Post reply
Home
Forums
CARDING & HACKING
Carding News
Civil servant used WinRAR vulnerability to spy on defense companies
Top