WinRAR Weaponized for Attacks on Ukrainian Public Sector

Ukraine Links Attacks to Russian Intelligence Sandworm Hackers
Ukrainian cyber defenders say they spotted a malicious script used to activate the delete option on a Windows file archiving utility likely planted by the Russian intelligence agency unit Sandworm. CERT-UA says attackers likely used a compromised VPN credential to gain access.

access agency archiving attackers attacks cert cert-ua compromised credential cyber defenders delete file intelligence intelligence agency links malicious public public sector russian sandworm script sector ukraine ukrainian utility vpn windows winrar