
RomCom Group Exploits WinRAR Zero-Day Vulnerability in Targeted Attacks

WHAT'S THE STORY?

What's Happening?

ESET Research has identified a zero-day vulnerability in WinRAR, CVE-2025-8088, being exploited by the Russia-aligned RomCom group. The vulnerability allows path traversal using alternate data streams, enabling attackers to deploy malicious files during extraction. RomCom has targeted financial, manufacturing, defense, and logistics companies in Europe and Canada with spearphishing campaigns. The group uses various backdoors, including SnipBot and RustyClaw, to achieve persistence and execute code on compromised systems.
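As an added illustration of the defensive check a safe extractor needs (this is not ESET's or WinRAR's code, and it does not reproduce the exploit's malformed entry format, which the page does not describe): a pre-extraction validator that rejects archive entry names carrying NTFS alternate data stream syntax, absolute paths or parent-directory traversal, run over constructed sample names. The entry-name rules are a generic hardening assumption, not WinRAR's own logic.

```python
import posixpath
from dataclasses import dataclass


@dataclass
class EntryVerdict:
    name: str
    ok: bool
    reason: str


def check_entry_name(name: str) -> EntryVerdict:
    """Decide whether an archive entry name may be written under the target directory.

    Rules (assumption, generic hardening rather than any specific extractor's logic):
      1. a ':' anywhere in the name (alternate data stream syntax such as
         'file.txt:payload', or a drive letter) is rejected outright, because a
         portable archive entry never needs one;
      2. absolute paths are rejected;
      3. any '..' component, or a normalised path that escapes upward, is rejected.
    """
    normalized = name.replace("\\", "/")          # treat both separator styles alike
    if ":" in normalized:
        return EntryVerdict(name, False, "alternate data stream or drive letter syntax")
    if normalized.startswith("/"):
        return EntryVerdict(name, False, "absolute path")
    parts = normalized.split("/")
    if ".." in parts or posixpath.normpath(normalized).startswith(".."):
        return EntryVerdict(name, False, "parent directory traversal")
    return EntryVerdict(name, True, "ok")


def rejected_entries(names):
    """Return the (name, reason) pairs an extractor should refuse before writing anything."""
    verdicts = [check_entry_name(n) for n in names]
    return [(v.name, v.reason) for v in verdicts if not v.ok]


# Constructed sample listing, as a phishing-delivered archive might present it.
SAMPLE_ENTRIES = [
    "invoice/summary.pdf",                      # benign
    "summary.pdf:hidden.exe",                   # ADS syntax: payload hidden in a stream
    "..\\..\\AppData\\Roaming\\startup.lnk",    # traversal toward an autostart location
    "/etc/cron.d/job",                          # absolute path
]

if __name__ == "__main__":
    for name, reason in rejected_entries(SAMPLE_ENTRIES):
        print(f"REJECT {name!r}: {reason}")
```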

Why Is It Important?

The exploitation of this vulnerability by RomCom highlights the group's capability to conduct sophisticated cyber operations using zero-day exploits. The targeted sectors are critical to national security and economic stability, making the attacks potentially damaging. Organizations using WinRAR must update to the latest version to protect against these threats. The incident emphasizes the need for robust cybersecurity measures and awareness of geopolitical motivations behind cyberattacks.

What's Next?

WinRAR users are urged to update to version 7.13 to mitigate the vulnerability. Organizations should enhance their cybersecurity protocols and educate employees on phishing risks. The RomCom group's activities may prompt further investigations and security advisories. Collaboration between cybersecurity firms and software developers will be essential in addressing vulnerabilities and preventing future exploits.

AI Generated Content
