11 April 19, 13:26
Quote:A recent targeted attack against organizations in the satellite and communications industry echoes techniques seen in campaigns from cyberespionage group MuddyWater.
The attack leveraged the recently reported 19-year old vulnerability (CVE-2018-20250) in WinRAR (now patched) to launch a convoluted infection chain in an attempt to run a fileless PowerShell backdoor. Successful compromise could grant the adversary full control of the target machine.
With over 100 distinct exploits emerging in the first week after disclosure in February, the WinRAR vulnerability was not an opportunity to be missed, even by the more sophisticated cyberespionage groups.
Office 365 Advanced Threat Protection (ATP) spotted the malicious file carrying the exploit for the WinRAR ACE vulnerability. Noticing an aattack with a higher sophistication level, the Office 365 ATP Research Team started to analyze the incident.
SOURCE: https://www.bleepingcomputer.com/news/se...r-exploit/
![[-]](https://www.geeks.fyi/images/collapse.png)
