Russian Hackers Exploit WinRAR Zero-Day
bankinfosecurity
RomCom Group Deployed SnipBot, RustyClaw and Mythic Agent Variants
Akshaya Asokan (asokan_akshaya) • August 12, 2025

A Russian-speaking hacking group is exploiting a zero-day flaw in WinRAR, a sign of the group's growing sophistication and evolution from a cybercrime outfit into a cyberespionage operation.
Researchers at security firm Eset uncovered the campaign, which has been active since July. The campaign exploited a path traversal vulnerability now tracked as CVE-2025-8088. WinRAR published a patch July 31 after Eset researchers alerted the company.
RomCom, also tracked as Storm-0978, Tropical Scorpius and UNC2596, mainly deployed ransomware in the past. Since Russia's 2022 invasion of Ukraine, the group has conducted cyberespionage operations aligned with Kremlin interests, along with conventional cybercrime operations. "This is at least the third time RomCom has used a ...
Copyright of this story solely belongs to bankinfosecurity.