In recent weeks, Google’s Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting a known vulnerability, CVE-2023-38831, in WinRAR, a popular file archiver tool for Windows. Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. Although a patch is now available, many users still appear to be vulnerable. TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.
To ensure protection, we urge organizations and users to keep software up to date and to install security updates as soon as they become available. After a vulnerability has been patched, malicious actors will continue to rely on n-days and exploit slow patching rates.