Office 365 Team Discovers Phishing Email Pushing WinRAR Exploit
#1
Quote:A recent targeted attack against organizations in the satellite and communications industry echoes techniques seen in campaigns from cyberespionage group MuddyWater.
 
The attack leveraged the recently reported 19-year old vulnerability (CVE-2018-20250) in WinRAR (now patched) to launch a convoluted infection chain in an attempt to run a fileless PowerShell backdoor. Successful compromise could grant the adversary full control of the target machine.
 
With over 100 distinct exploits  emerging in the first week after disclosure in February, the WinRAR vulnerability was not an opportunity to be missed, even by the more sophisticated cyberespionage groups.
 
Office 365 Advanced Threat Protection (ATP) spotted the malicious file carrying the exploit for the WinRAR ACE vulnerability. Noticing an aattack with a higher sophistication level, the Office 365 ATP Research Team started to analyze the incident.

SOURCE: https://www.bleepingcomputer.com/news/se...r-exploit/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Google Chrome 150.0.7871.124/.125
Google Chrome 150....harlan4096 — 12:16
Microsoft July 2026 Patch Tuesday Fixes ...
Microsoft has rele...harlan4096 — 11:08
uBOLite 2026.714.1952 (already available...
uBOLite 2026.714.1...harlan4096 — 09:58
Vivaldi 8.1 Build 4087.53
Vivaldi 8.1 Build ...harlan4096 — 08:44
Privazer 4.0.124.3 (14 July 2026)
v4.0.124.3 (14 Jul...harlan4096 — 06:22

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
avatar (43)lapedDow
avatar (49)rituabew
avatar (37)omyjul
avatar (41)papedDow
avatar (50)ArnoldFum
avatar (38)yfaza
avatar (49)Kevensi
avatar (39)boineDon
avatar (40)Grompelbawn
avatar (41)vkseogaF
avatar (37)usogy
avatar (40)ywixazok
avatar (38)ixoqe
avatar (36)pa.OpenTran

[-]
Online Staff
There are no staff members currently online.

>