APT-C-08 Hackers Exploiting WinRAR Vulnerability

APT-C-08, a sophisticated hacker group, has been actively exploiting a critical vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data breaches and system compromises. The exploitation involves leveraging the flaw to deliver malware payloads, enabling persistent access and espionage activities. Organizations using WinRAR are urged to update to the latest patched version immediately to mitigate risks. This incident highlights the importance of timely software patching and vigilant cybersecurity practices to defend against advanced persistent threats. The attack group's tactics, techniques, and procedures (TTPs) demonstrate a high level of sophistication, targeting specific sectors for intelligence gathering and disruption. Cybersecurity teams should monitor for indicators of compromise related to this vulnerability and enhance their detection capabilities. The broader cybersecurity community must remain alert to similar exploitation attempts as threat actors continuously seek to leverage software vulnerabilities for malicious purposes.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Nov 2025 14:00:17 +0000

Cyber News related to APT-C-08 Hackers Exploiting WinRAR Vulnerability

Google links WinRAR exploitation to Russian, Chinese state hackers - Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems. ...
1 year ago Bleepingcomputer.com CVE-2023-38831 CVE-2023-40477 APT28

Hackers Allegedly Selling WinRAR 0-day Exploit on Dark Web Forums for $80,000 - A threat actor under the alias "zeroplayer" has sale a previously unknown remote code execution (RCE) zero-day exploit affecting the latest and earlier versions of WinRAR. Threat actor "zeroplayer" is selling a WinRAR RCE exploit on dark ...
3 months ago Cybersecuritynews.com CVE-2025-6218 BITTER

TA422 Hackers Attack Organizations Using Outlook & WinRAR Vulnerabilities - Hackers exploit Outlook and WinRAR vulnerabilities because these widely used software programs are lucrative targets. WinRAR vulnerabilities provide an entry point to manipulate compressed files, potentially executing malicious code on a victim's ...
1 year ago Gbhackers.com CVE-2023-23397 CVE-2023-38831 CVE-2023-32231

FlyingYeti targets Ukraine using WinRAR exploit to drop Malware - MUST READ. FlyingYeti targets Ukraine using WinRAR exploit to deliver COOKBOX Malware. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2024-0204 CVE-2023-46747 CVE-2023-46748 CVE-2023-20198 CVE-2023-38831 CVE-2023-38035 APT28 APT29

Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29

What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
1 year ago Techtarget.com Cozy Bear APT29

WinRAR 7.10 Released For 500 Million Users - What's New - Critical fixes target semi-solid archive corruption during updates, a memory allocation error in “-m1” compression mode, and context menu rendering glitches on high-DPI displays. The latest version of the widely-used file compression ...
8 months ago Cybersecuritynews.com

SharePoint 0-day Vulnerability Exploited in Wild by All Sorts of Hacker Groups - File Indicators of Compromise (IoCs) SHA-1FilenameDetectionDescriptionF5B60A8EAD96703080E73A1F79C3E70FF44DF271spinstall0.aspxMSIL/Webshell.JSWebshell deployed via SharePoint vulnerabilities Network Indicators of Compromise (IoCs) IP ...
3 months ago Cybersecuritynews.com

WinRAR "Mark of the Web" Bypass Vulnerability Let Attackers Arbitrary Code - A newly disclosed vulnerability in WinRAR allows attackers to bypass a core Windows security mechanism, enabling arbitrary code execution on affected systems. The patch rollout highlights the ongoing challenges archiving tools face in balancing ...
7 months ago Cybersecuritynews.com CVE-2025-31334

Bitter APT Hackers Exploit WinRAR Zero-Day Vulnerability - Bitter APT hackers have recently exploited a critical zero-day vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data breaches and ...
2 weeks ago Cybersecuritynews.com CVE-2023-40477 Bitter APT

Russian hackers target unpatched JetBrains TeamCity servers - Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. APT 29, believed to ...
1 year ago Helpnetsecurity.com CVE-2023-42793 Andariel

APT-C-08 Hackers Exploiting WinRAR Vulnerability - APT-C-08, a sophisticated hacker group, has been actively exploiting a critical vulnerability in WinRAR, a widely used file archiver utility. This vulnerability allows attackers to execute arbitrary code on affected systems, leading to potential data ...
6 hours ago Cybersecuritynews.com CVE-2023-40477 APT-C-08

Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke

Russia-linked group APT29 likely breached TeamViewer - Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Finnish police linked APT31 to the 2021 parliament attack. BianLian group exploits JetBrains TeamCity bugs in ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT28 APT29 APT3 BianLian

WinRAR Flaw: LONEPAGE Malware Strikes Ukrainian Firms - In the realm of cybersecurity, vigilance is paramount, and recent developments reveal a persistent threat facing Ukrainian entities. In this blog post, we'll look into the intricate details of the persistent cybersecurity threat posed by LONEPAGE ...
1 year ago Securityboulevard.com

Fancy Bear goes phishing in US, European high-value networks The Register - Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according ...
1 year ago Go.theregister.com CVE-2023-23397 CVE-2023-38831 CVE-2023-32231 Fancy Bear

WinRAR 7.10 boosts Windows privacy by stripping MoTW data - This allows the Mark-of-the-Web security feature to continue to work with extracted files, but the alternate data stream can no longer be used to learn where the file was downloaded. Modern file archives will propagate the MoTW found in archives to ...
8 months ago Bleepingcomputer.com

How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com

CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
3 years ago

BreachForums resurrected after FBI seizure - Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2020-3259 CVE-2024-0204 CVE-2023-38831 CVE-2023-22515 APT28 APT29 BianLian

A cyberattack shutdown the University Hospital Centre Zagreb in Croatia - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Stanford University announced that 27,000 ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-38831 CVE-2023-22515 APT29 LockBit BianLian

LockBit group falsely claimed the hack of the Federal Reserve - LockBit gang claimed responsibility for the attack on City of Wichita. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits JetBrains TeamCity ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2023-22515 APT28 APT29 LockBit BianLian Siegedsec

Russian hackers exploiting Outlook bug to hijack Exchange accounts - Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information. The targeted ...
1 year ago Bleepingcomputer.com CVE-2023-23397 CVE-2023-38831 CVE-2021-40444 APT28

North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky

newsletter Round 478 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
1 year ago Securityaffairs.com CVE-2020-3259 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-22515 APT29 BianLian

APT-C-08 Hackers Exploiting WinRAR Vulnerability

Cyber News related to APT-C-08 Hackers Exploiting WinRAR Vulnerability

Latest Cyber News

Cyber Trends (last 7 days)

Trending Cyber News (last 7 days)