Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus

Hacktivist group Head Mare has been linked to cyber attacks targeting organizations in Russia and Belarus. Active since 2023, the group exploits a vulnerability called CVE-2023-38831 in WinRAR to gain access. It also uses custom-made malware like PhantomDL and PhantomCore, and employs ransomware called LockBit and Babuk. The group, which targets government, transport, energy, manufacturing and environmental sectors, is thought to be part of the Russo-Ukrainian conflict.