Russian State-Sponsored Hackers Leveraged 7-Zip Flaw in Cyber Attacks on Ukraine

Written By Mae Nelson

Scientific writer

In the ongoing cyber conflict between Russia and Ukraine, a report from Trend Micro's Zero Day Initiative has shed light on a concerning development: Russian threat groups exploited a zero-day vulnerability in the popular file archiving utility 7-Zip to target Ukrainian organizations and government entities.

The 7-Zip Zero-Day Vulnerability

7-Zip is a widely used open-source file archiver that supports a variety of compression formats, including ZIP, RAR and 7z. The vulnerability in question, tracked as CVE-2025-0411, is not a memory-corruption bug in the parser but a Mark-of-the-Web (MotW) bypass. Windows tags files downloaded from the internet with a Zone.Identifier stream so that SmartScreen and Office Protected View treat them as untrusted; vulnerable 7-Zip versions failed to propagate that tag to files extracted from an archive that was itself nested inside another archive.

According to the Trend Micro report, an attacker who delivers a double-archived file (an archive inside an archive) can count on the victim extracting the inner payload with no MotW, so opening it produces none of the usual Windows warnings. The payload then runs with the privileges of the user who extracted it, which is the same practical outcome a remote code execution flaw would give, without any exploitation of 7-Zip's file parsing.

Russian Threat Groups Exploiting the Vulnerability

Trend Micro attributes the campaign to Russian cybercrime groups and does not tie it to a specific named unit such as Sandworm; the full scope of the attacks is still being investigated. What is known is that the vulnerability was used to gain initial access: the double-archived attachment let a malicious executable reach the victim's disk without the Mark-of-the-Web, so it ran without SmartScreen warnings and installed the SmokeLoader malware, which in turn was used to deploy further payloads and establish a persistent foothold in the victim's network.

The exploitation was combined with classic spear-phishing. The emails were sent from compromised Ukrainian government and business accounts, which made them look legitimate, and the attachments used homoglyph tricks (Cyrillic letters that look like Latin ones in the file name and extension) so that an executable passed for an ordinary document.
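The two tells described above, a nested archive and a homoglyph file name, are cheap to check at a mail gateway or in a triage script. The following is an added example written for this article, not code from Trend Micro or the 7-Zip project. It only opens ZIP containers (Python's standard library has no 7z or RAR reader); 7z and RAR members are recognised by their magic bytes and reported as nested archives without being unpacked. The executable suffix list, the `attachment.zip` root label and all sample archives are constructed for the example.

```python
"""Flag double-archived attachments and homoglyph file names.

Added example for the CVE-2025-0411 write-up; not the project's own code.
The outer archive carries the Mark-of-the-Web, the inner one is what a
vulnerable 7-Zip extracted without propagating it.
"""
import io
import unicodedata
import zipfile
from dataclasses import dataclass
from typing import Dict, List, Optional

# Leading bytes of the container formats we care about.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
}
# Assumed list of file types Windows would execute; landing one of these
# on disk without MotW is the whole point of the attack.
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".cmd", ".bat", ".js", ".vbs",
                       ".lnk", ".hta", ".ps1")


@dataclass
class Finding:
    path: str    # e.g. attachment.zip/Invoice.zip/Invoice.pdf.exe
    kind: str    # nested_archive | executable_in_nested_archive | homoglyph_name
    depth: int   # number of archive layers around the member


def archive_type(data: bytes) -> Optional[str]:
    """Identify an archive by its magic bytes, or return None."""
    for magic, name in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def has_mixed_script_token(filename: str) -> bool:
    """True if any dot-separated part of the name mixes Latin and Cyrillic.

    Checking per token keeps a legitimate Ukrainian stem with a Latin
    extension (e.g. 'Звіт.txt') clean while catching 'Report.dос' where
    the extension itself is spoofed with Cyrillic letters.
    """
    for token in filename.split("."):
        scripts = {unicodedata.name(ch, "").split(" ")[0] for ch in token}
        if "LATIN" in scripts and "CYRILLIC" in scripts:
            return True
    return False


def scan_archive(data: bytes, path: str = "attachment.zip", depth: int = 1,
                 max_depth: int = 5) -> List[Finding]:
    """Walk a ZIP (recursively) and collect the campaign's two tells."""
    findings: List[Finding] = []
    if archive_type(data) != "zip" or depth > max_depth:
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            member_path = f"{path}/{info.filename}"
            if has_mixed_script_token(info.filename):
                findings.append(Finding(member_path, "homoglyph_name", depth))
            content = zf.read(info)
            if archive_type(content):
                findings.append(Finding(member_path, "nested_archive", depth))
                findings.extend(scan_archive(content, member_path, depth + 1, max_depth))
            elif depth > 1 and info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                findings.append(Finding(member_path, "executable_in_nested_archive", depth))
    return findings


def is_suspicious(data: bytes) -> bool:
    """Gateway verdict: executable inside a nested archive, or a spoofed name."""
    return any(f.kind in ("executable_in_nested_archive", "homoglyph_name")
               for f in scan_archive(data))


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Helper to construct sample archives in memory (stored, no zlib needed)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: outer zip -> inner zip -> fake executable; a clean
# attachment; and a single-layer archive whose extension uses Cyrillic о and с.
FAKE_EXE = b"MZ" + b"\x00" * 62
INNER = build_zip({"Invoice.pdf.exe": FAKE_EXE})
DOUBLE_ARCHIVED = build_zip({"Invoice.zip": INNER})
PLAIN = build_zip({"Invoice.pdf": b"%PDF-1.4 constructed sample"})
HOMOGLYPH = build_zip({"Report.d\u043e\u0441": FAKE_EXE})

if __name__ == "__main__":
    for label, sample in (("double-archived", DOUBLE_ARCHIVED),
                          ("plain", PLAIN), ("homoglyph", HOMOGLYPH)):
        print(label, is_suspicious(sample), scan_archive(sample))
```

Nesting alone is not proof of malice, so a gateway would normally quarantine rather than drop; the executable-inside-nested-archive and spoofed-extension findings are the ones that warrant blocking outright.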

Mitigation and Patches

The 7-Zip developer fixed the flaw in version 24.09, released in November 2024, roughly two months before the vulnerability and the campaign were publicly disclosed; every earlier release, including the 22.x and 23.x branches, remains affected. 7-Zip has no automatic update mechanism, so each installation, including copies bundled with third-party tooling, has to be updated by hand or through the organization's software deployment process. Security experts and software vendors have urged users and organizations to move to 24.09 or later as soon as possible to mitigate the risk of exploitation.


Cybersecurity firms and government agencies have also issued advisories to help organizations detect and defend against attacks leveraging this vulnerability. Practical measures include: verifying that 7-Zip on every endpoint is at 24.09 or later; quarantining email attachments that contain an archive nested inside another archive, since legitimate senders rarely double-archive a file; security awareness training that makes clear a file which opens without the usual Windows "downloaded from the internet" warning is not thereby safe; and endpoint protection capable of detecting the second-stage loaders, such as SmokeLoader, that such a lure drops.

The exploitation of the 7-Zip zero-day by Russian threat actors is a stark reminder that the conflict between Russia and Ukraine continues to play out in cyberspace, and that a safeguard such as Mark-of-the-Web is only as strong as the tools expected to honour it. Timely software updates, including for utilities that never update themselves, remain basic hygiene against emerging threats.

Original source: https://www.securityweek.com/russian-hackers-exploited-7-zip-zero-day-against-ukraine/