Russian attackers are exploiting a patched WinRAR vulnerability (CVE-2025-8088) in separate campaigns aimed at military and government organizations in Ukraine. Two groups, Shadow-Earth-066 and Earth Dahu, are using malicious emails containing weaponized archives to conduct data theft and cyber espionage. Shadow-Earth-066 deploys the GiftedCrook malware, while Earth Dahu delivers espionage-focused malware via HTML applications.
Although the vulnerability was fixed in July 2025, many systems remain unpatched and therefore open to exploitation. Experts emphasize the importance of updating systems swiftly to reduce the risk of attack, especially since WinRAR's reach and popularity make it a prime target for cyber threats.