CVE-2023-38831 Archives - Security Affairs

Pierluigi Paganini November 20, 2023

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

Russia-linked cyberespionage group APT29 has been observed leveraging the CVE-2023-38831 vulnerability in WinRAR in recent attacks. The Ukrainian National Security and Defense Council (NDSC) reported that APT29 (aka SVR group, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes) has been exploiting the CVE-2023-38831 vulnerability in WinRAR in recent attacks. APT29 along with APT28 cyber espionage group was involved in the Democratic National Committee […]

Pierluigi Paganini November 20, 2023

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT […]

Pierluigi Paganini October 19, 2023

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the […]

CVE-2023-38831

Russia-linked APT29 group exploited WinRAR 0day in attacks against embassies

DarkCasino joins the list of APT groups exploiting WinRAR zero-day

Multiple APT groups exploited WinRAR flaw CVE-2023-38831

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

IT Worker arrested for selling access in $100M PIX cyber heist

New Batavia spyware targets Russian industrial enterprises

QUICK LINKS

CVE-2023-38831

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!