Russian Hackers Use WinRAR As A “Cyber Weapon”!

TECH NEWS – Yes, the WinRAR that not many of us have bought (and whose easter egg everyone has tried at least once: click on the book logo in the program’s About section and it drops down to the bottom of the window…).


The Ukrainian authorities claim that Russian hackers are using the WinRAR file compression tool to delete data on government computers. According to CERT-UA, the Ukrainian government’s computer emergency response team, Russian hackers (most likely the notorious Sandworm group) obtained compromised VPN accounts, through which they could gain access to official Ukrainian state networks.

CERT-UA claims that the attackers used the RoarBAT script. It searches the targeted computer for files with the following extensions: .doc, .docx, .rtf, .txt, .xls, .xlsx, .ppt, .pptx, .jpeg, .jpg, .zip, .rar, .7z, so mainly the file types used for official documents are at risk. These files are archived with WinRAR using the -df option, which deletes the original file(s) once the compressed archive has been created; the result is complete data loss.
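For defenders, the behaviour described above (WinRAR run with the add command and -df) can be hunted in process-creation logs. The following is an added example, not code from CERT-UA or the article; the event records are constructed, and the binary paths and the threshold of three invocations per host are assumptions.

```python
import re
import shlex
from collections import Counter

ARCHIVERS = {"winrar.exe", "rar.exe"}  # WinRAR GUI and console binaries

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r'"C:\Program Files\WinRAR\Rar.exe" a -df C:\tmp\a.rar C:\Users\u\plan.docx'),
    ("ws-01", r'"C:\Program Files\WinRAR\Rar.exe" a -DF C:\tmp\b.rar C:\Users\u\budget.xlsx'),
    ("ws-01", r'"C:\Program Files\WinRAR\Rar.exe" a -df C:\tmp\c.rar C:\Users\u\scan.jpg'),
    ("ws-02", r'"C:\Program Files\WinRAR\WinRAR.exe" a C:\backup\notes.rar C:\Users\v\notes.txt'),
    ("ws-02", r'"C:\Program Files\WinRAR\WinRAR.exe" x C:\backup\notes.rar C:\restore'),
    ("ws-03", r'C:\Tools\rar.exe a -df C:\logs\old.rar C:\logs\old.txt'),
    ("ws-03", r'C:\Windows\System32\cmd.exe /c echo -df'),
]


def split_cmdline(cmdline):
    """Tokenise a Windows command line: keep backslashes, drop quotes."""
    try:
        parts = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quote: fall back to whitespace split
        parts = cmdline.split()
    return [p.strip('"') for p in parts]


def is_destructive_archive(cmdline):
    """True when WinRAR is told to add files (a) and delete originals (-df)."""
    toks = split_cmdline(cmdline)
    if not toks or re.split(r"[\\/]", toks[0])[-1].lower() not in ARCHIVERS:
        return False
    args = [t.lower() for t in toks[1:]]
    commands = [a for a in args if not a.startswith("-")]
    return bool(commands) and commands[0] == "a" and "-df" in args


def hosts_to_triage(events, threshold=3):
    """Hosts with at least `threshold` destructive invocations (assumed cutoff)."""
    hits = Counter(host for host, cmd in events if is_destructive_archive(cmd))
    return sorted(h for h, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    print(hosts_to_triage(SAMPLE_EVENTS))
```

A single -df invocation can be legitimate housekeeping, which is why the example counts per host instead of alerting on every match.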

WinRAR is everywhere, and even Linux users are not immune, as machines running that operating system can also be attacked with a BASH script and the basic dd program. According to CERT-UA, the attack is suspiciously similar to the one previously perpetrated against the Ukrainian state news agency Ukrinform, which was attributed to the Sandworm group. “The method of implementing the malicious plan, the IP addresses of the access subjects, and the fact of using a modified version of RoarBat testify to the similarity with the cyberattack on Ukrinform,” CERT-UA wrote.

Thus, Ukrainian state employees should, by all means, strengthen their protection for VPNs (perhaps they should look to Proton…?) and, at a minimum, activate MFA, i.e., multi-factor authentication, to keep unauthorized users off internal state networks. Hopefully, they will do this soon, if they haven’t already.

Source: PCGamer

Anikó, our news editor and communication manager, is more interested in the business side of the gaming industry. She worked at banks, and she has a vast knowledge of business life. Still, she likes puzzle and story-oriented games, like Sherlock Holmes: Crimes & Punishments, which is her favourite title. She also played The Sims 3, but after accidentally killing a whole sim family, swore not to play it again. (For our office address, email and phone number check out our IMPRESSUM)
