en
ua
ru
de
pt
es
pl
fr
tr
fi
da
no
sv
en
EGW-NewsOthersAlle nyheterRussian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine
2025
0
0

Russian hacker groups have used WinRAR as a "cyber weapon" to attack Ukraine

Denne artikkelen er tilgjengelig på følgende språk

The Ukrainian government has reported that Russian hackers used the WinRAR file compression utility to delete data from computers at several government agencies. According to the Ukrainian Computer Emergency Response Team (CERT-UA), the Sandworm group may have gained access to compromised VPN accounts that provided access to Ukraine's official government networks.

The hackers apparently used a script called RoarBAT to search for files on the target machine with extensions including.doc,.docx,.rtf,.txt,.xls,.xlsx,.ppt,.pptx,.jpeg,.jpg,.zip,.rar,.7z, and several others, and then used WinRAR to archive the files and the "-df" option, which automatically deletes the source files after archiving. The RoarBAT script then deleted the archived files, resulting in a complete loss of data.

Chicken.gg
Free gems, plus daily, weekly, & monthly boosts!
Chicken.gg
CS:GO
Claim bonus
CSGO.net
EGW – get 30% Deposit Bonus
CSGO.net
CS:GO
Claim bonus
Clash GG
5% deposit bonus up to 100 gems
Clash GG
CS:GO
Claim bonus

The WinRAR utility, which is widely used on most modern computers, can be a reason for their compromise. It seems that Linux systems are not immune to such attacks, and the BASH script and the standard dd tool can be used to compromise them, despite the initial impression of security.

The Ukrainian Center for Information Security CERT-UA claims that the recent hack resembles the attack on the state information agency "Ukrinform" earlier this year, which was linked to the Sandworm group.

"The methods of implementing the malicious plan, the IP addresses of the attackers, and the use of a modified version of RoarBat indicate similarity to the cyber attack on Ukrinform," noted CERT-UA.

The center also strongly recommends that all Ukrainian state operators improve the security of their VPNs with multi-factor authentication. This should probably be a lesson for all of us.

Legge igjen en kommentar
Likte du artikkelen?
0
0

Kommentarer

TA TIL TOPPEN
FREE SUBSCRIPTION ON EXCLUSIVE CONTENT
Receive a selection of the most important and up-to-date news in the industry.
*
*Only important news, no spam.
SUBSCRIBE
LATER
Vi bruker informasjonskapsler for å gi innhold og annonser et personlig preg, for å levere sosiale mediefunksjoner og for å analysere trafikken vår.
Tilpass
OK