
Hacktivists use WinRAR bug to encrypt Windows and Linux systems


TLDR:

  • A hacktivist group called Head Mare has exploited a vulnerability in WinRAR to encrypt systems running on Windows and Linux.
  • The vulnerability, identified as CVE-2023-38831, allows attackers to execute arbitrary code on victim systems through specially crafted archive files.

A hacktivist group known as Head Mare has recently leveraged a vulnerability in WinRAR to infiltrate and encrypt systems running on Windows and Linux. The group, active since the start of the Russo-Ukrainian conflict, has primarily targeted organizations in Russia and Belarus. Its attacks are notable for their use of sophisticated techniques aimed at causing maximum disruption.

The vulnerability, identified as CVE-2023-38831, allows attackers to execute arbitrary code on a victim’s system through specially crafted archive files. This flaw in WinRAR enables Head Mare to more effectively deliver and conceal malicious payloads. When a user attempts to open a seemingly legitimate document within a compromised archive, the malicious code is executed, granting attackers access to the system.

Head Mare’s toolset mixes publicly available software with custom malware, including the LockBit and Babuk ransomware, PhantomDL, PhantomCore, and Sliver. The group gains initial access through phishing campaigns and maintains persistence by adding entries to the Windows registry and creating scheduled tasks.

The group’s infrastructure uses VPS/VDS servers as command-and-control hubs, with tools such as ngrok and rsockstun for pivoting and moving through private networks. To evade detection, Head Mare often disguises its malware as legitimate software and obfuscates samples using tools like Garble.

The case of Head Mare serves as a reminder of the evolving nature of cyber threats within geopolitical conflicts. Organizations in Russia and Belarus should prioritize patching vulnerabilities like CVE-2023-38831 and enhance their phishing detection capabilities. As hacktivist groups continue to refine their tactics, robust cybersecurity measures are crucial in mitigating the risk of such attacks.
