The advanced persistent threat group APT-C-08, also known as Manlinghua or BITTER, has launched a campaign exploiting a directory traversal vulnerability in WinRAR. This is the first observed operational use of CVE-2025-6218, which affects WinRAR versions 7.11 and earlier. The flaw lets a crafted archive write files outside the intended extraction directory, which the attackers use to get malicious code executed.
The campaign shows APT-C-08’s focus on stealing sensitive information from government entities in South Asia. The group delivers its payloads in weaponized documents and relies on social engineering to evade detection. The exploit uses specially crafted file paths inside RAR archives to subvert normal path handling, and it gains persistence through Microsoft Word’s template loading mechanism: a malicious Normal[.]dotm file is dropped where Word will load it, and once triggered it executes a remote command, letting the attackers keep access discreetly.
Given the exploit’s effectiveness and the difficulty of patching, since WinRAR updates are applied inconsistently, security experts recommend immediate action for organizations handling sensitive data. Attention should be paid to macro-based indicators of compromise and to unexpected network activity, so that defenses keep pace with this evolving threat.
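One defensive check that follows from the above is to audit an archive's entry names before extraction and refuse any that would escape the extraction directory or that name a Word Normal.dotm template. The code below is an added example, not code from the article or from any vendor; it assumes the entry names have already been obtained from an archive listing tool (a `SAMPLE_ENTRIES` list is constructed here in place of a real archive), and the function names are the author's own.

```python
import posixpath
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Finding:
    entry: str
    reasons: Tuple[str, ...]

def normalize_entry(name: str) -> str:
    # RAR entries may carry either separator; treat both uniformly.
    return name.replace("\\", "/")

def entry_escapes(name: str) -> Optional[str]:
    """Return why an entry would land outside the extraction directory, or None."""
    n = normalize_entry(name)
    if n.startswith("/"):                     # "/etc/x" or "//server/share/x"
        return "absolute or UNC path"
    if len(n) >= 2 and n[1] == ":":           # "C:/Users/..."
        return "drive-qualified path"
    resolved = posixpath.normpath(n)          # collapses "a/../b" to "b"
    if resolved == ".." or resolved.startswith("../"):
        return "parent-directory traversal"
    return None

def is_word_template(name: str) -> bool:
    # Normal.dotm is Word's global template; an archive has little reason to ship one.
    return posixpath.basename(normalize_entry(name)).lower() == "normal.dotm"

def audit_entries(names: List[str]) -> List[Finding]:
    """Flag every entry that escapes the extraction root or drops a Word template."""
    findings = []
    for name in names:
        reasons = []
        escape = entry_escapes(name)
        if escape:
            reasons.append(escape)
        if is_word_template(name):
            reasons.append("Word Normal.dotm template")
        if reasons:
            findings.append(Finding(name, tuple(reasons)))
    return findings

# Constructed sample listing: two benign files, one traversal into the Word
# template directory, one drive-qualified path, and one harmless "a/../b" form.
SAMPLE_ENTRIES = [
    "report/summary.docx",
    "report/images/chart.png",
    "../../AppData/Roaming/Microsoft/Templates/Normal.dotm",
    "C:/Users/Public/notes.txt",
    "safe/../also_safe.txt",
]

if __name__ == "__main__":
    for f in audit_entries(SAMPLE_ENTRIES):
        print(f.entry, "->", ", ".join(f.reasons))
```

An archive with any finding should be quarantined rather than extracted; the `safe/../also_safe.txt` case shows why the check must normalize paths instead of merely searching for `..`.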
Read the original: Cyber Security News