simontsui, Cluster25: low-medium confidence that Russian state-sponsored APT28 Fancy Bear attributed to CVE-2023-38831 exploitation as part of a phishing campaign designed to harvest credentials from compromised systems. CVE2-2023-38831 is a 7.8 high severity vulnerability in WinRAR that was exploited as a Zero-Day by cybercriminals, and disclosed by Group-IB on 23 August 2023.
Link: https://blog.cluster25.duskrise.com/2023/10/12/cve-2023-38831-russian-attackTags: #WinRAR #CVE202338831 #APT28 #FancyBear #cyberespionage #cyberthreatintelligence #IOC