ONE Sentinel

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Source: The Hacker News
June 9, 2026

EXECUTIVE SUMMARY

WinRAR Vulnerability Exploited by Russian Groups in Ukraine

Summary

The article discusses the ongoing exploitation of a WinRAR security flaw by Russia-aligned cyber groups targeting Ukrainian organizations. Despite patches being available for nearly a year, the vulnerability continues to be leveraged by groups such as Earth Dahu and SHADOW-EARTH-066.

Key Points

  • The vulnerability in question is CVE-2025-8088, a path traversal flaw in WinRAR.
  • The flaw allows attackers to deploy stealers, potentially compromising sensitive information.
  • Trend Micro has attributed the attacks to Earth Dahu (Gamaredon) and SHADOW-EARTH-066 (UAC-0226).
  • The campaigns specifically target Ukrainian organizations, highlighting geopolitical motivations.
  • Patches for the vulnerability were released almost a year ago, yet exploitation persists.

Analysis

The continued exploitation of CVE-2025-8088 underscores the critical importance of timely patch management. The involvement of Russia-aligned groups in targeting Ukrainian entities points to a strategic use of cyber capabilities in geopolitical conflicts. This situation exemplifies how unpatched vulnerabilities can be weaponized long after fixes are available.

Conclusion

IT professionals should ensure that all systems using WinRAR are updated with the latest patches to mitigate the risk of exploitation. Continuous monitoring for suspicious activity and educating users about potential threats are also crucial steps in maintaining security.