WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Recent cyber activities demonstrate how known vulnerabilities continue to threaten organizations, particularly those in geopolitical conflict zones. Russia-aligned threat actors have been actively exploiting a patched security flaw in the popular file compression utility WinRAR to target Ukrainian entities, deploying information-stealing malware nearly a year after a fix became available.

According to research from Trend Micro, the campaigns have been attributed to two advanced persistent threat groups known as Earth Dahu (also referred to as Gamaredon) and SHADOW-EARTH-066 (also called UAC-0226). These attackers are leveraging CVE-2025-8088, a path traversal vulnerability in WinRAR that allows malicious actors to extract files to unintended directories when a specially crafted archive is opened. The ongoing exploitation highlights a critical gap between vulnerability disclosure and actual patch implementation across targeted networks.
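As an added example, not code from Trend Micro, WinRAR or this post, and not the RAR-specific trigger (which the article does not detail): a generic pre-extraction check that rejects archive entry names that would land outside the chosen destination directory, which is the class of problem the CVE describes. Python's zipfile is used only as a convenient stand-in container, and the sample archive with traversal-shaped names is constructed inline.

```python
import io
import ntpath
import os
import posixpath
import zipfile


def is_entry_safe(dest_dir: str, member_name: str) -> bool:
    """True only if extracting member_name under dest_dir cannot leave dest_dir.

    Names are checked under both POSIX and Windows path rules, because an
    archive written on one platform is routinely opened on the other.
    """
    if "\x00" in member_name:
        return False
    # Absolute paths or drive letters under either convention are rejected outright.
    if posixpath.isabs(member_name) or ntpath.isabs(member_name) \
            or ntpath.splitdrive(member_name)[0]:
        return False
    # Treat backslashes as separators too, then collapse "." and ".." components.
    normalised = posixpath.normpath(member_name.replace("\\", "/"))
    if normalised == ".." or normalised.startswith("../"):
        return False
    # Final containment check on the resolved target (also covers symlinked dest dirs).
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, normalised))
    return target == dest_real or target.startswith(dest_real + os.sep)


def unsafe_entries(archive_bytes: bytes, dest_dir: str) -> list:
    """Names of entries that would escape dest_dir; extract only if this is empty."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [name for name in zf.namelist() if not is_entry_safe(dest_dir, name)]


def build_sample_archive() -> bytes:
    """Constructed sample (not a real malicious file): one benign entry plus
    three names shaped like traversal attempts in different spellings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/report.txt", "benign")
        zf.writestr("../../outside/dropped.txt", "escapes via ..")
        zf.writestr("docs\\..\\..\\outside\\dropped.txt", "escapes via backslashes")
        zf.writestr("C:/outside/dropped.txt", "absolute Windows path")
    return buf.getvalue()


if __name__ == "__main__":
    print(unsafe_entries(build_sample_archive(), "extracted"))
```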

The impact of these attacks extends beyond immediate data theft. Ukrainian organizations facing these campaigns are contending with potential intelligence gathering operations that could support broader military or political objectives. The fact that these groups continue to successfully exploit a vulnerability with available patches suggests that many organizations remain vulnerable due to
