
New Emerging APT Threat Exploiting WinRAR Flaw

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat (APT).

Cybersecurity company NSFOCUS has described DarkCasino as an “economically motivated” actor that first came to light in 2021.

“DarkCasino is an APT threat actor with strong technical and learning ability, who is good at integrating various popular APT attack technologies into its attack process,” the company said in an analysis.

“Attacks launched by the APT group DarkCasino are very frequent, demonstrating a strong desire to steal online property.”

DarkCasino was most recently linked to the zero-day exploitation of CVE-2023-38831 (CVSS score: 7.8), a security flaw that can be weaponized to launch malicious payloads.

In August 2023, Group-IB disclosed real-world attacks weaponizing the vulnerability aimed at online trading forums at least since April 2023 to deliver a final payload named DarkMe, a Visual Basic trojan attributed to DarkCasino.


The malware is equipped to gather host information, take screenshots, manipulate files and the Windows Registry, execute arbitrary commands, and update itself on the compromised host.

While DarkCasino was previously classified as a phishing campaign orchestrated by the EvilNum group targeting European and Asian online gambling, cryptocurrency, and credit platforms, NSFOCUS said its continuous monitoring of the adversary’s activities has allowed it to rule out any potential connections with known threat actors.

WinRAR Flaw

The exact provenance of the threat actor is presently unknown.

“In the early days, DarkCasino primarily operated in countries around the Mediterranean and other Asian countries using online financial services,” it said.

“More recently, with the change of phishing methods, its attacks have reached users of cryptocurrencies worldwide, even including non-English-speaking Asian countries such as South Korea and Vietnam.”

A number of threat actors have joined the CVE-2023-38831 exploitation bandwagon in recent months, including APT28, APT40, Dark Pink, Ghostwriter, Konni, and Sandworm.


Ghostwriter’s attack chains leveraging the shortcoming have been observed to pave the way for PicassoLoader, an intermediate malware that acts as a loader for other payloads.

“The WinRAR vulnerability CVE-2023-38831 brought by the APT group DarkCasino brings uncertainties to the APT attack situation in the second half of 2023,” NSFOCUS said.

“Many APT groups have taken advantage of the window period of this vulnerability to attack critical targets such as governments, hoping to bypass the protection system of the targets and achieve their purposes.”
