New Hacking Campaign Exploits Microsoft Windows WinRAR Vulnerability
https://www.infosecurity-magazine.com/news/hacking-exploits-windows-winrar/
Publish Date: 2026-02-05 06:50:00
Source Domain: www.infosecurity-magazine.com
A hacking campaign took just days to exploit a newly disclosed security vulnerability in the Microsoft Windows version of WinRAR, researchers at Check Point have said.
The attackers leveraged CVE-2025-8088, a path traversal vulnerability in the widely used file archive and compression software WinRAR, which was first disclosed in August 2025.
Check Point’s analysis of the campaign suggested that attackers were actively exploiting the vulnerability within days of its disclosure.
CVE-2025-8088 lets attackers plant arbitrary code on a system by crafting malicious archive files. This allows them to execute code and maintain persistence on targeted machines, secretly monitoring users and collecting sensitive data.
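As an added defender-side example, not code from the Check Point report or from this article: a check that an extraction tool, a mail gateway or a sandbox can apply to archive entry names to catch path traversal of the kind described above, applying Windows path rules regardless of the host it runs on. The extraction directory and entry names below are constructed for illustration.

```python
import ntpath
import re

# Constructed extraction directory and entry names, standing in for the file
# list an archive lister would report. Not taken from any real sample.
EXTRACT_DIR = "C:\\Users\\alice\\Downloads\\lure"
SAMPLE_ENTRIES = [
    "report/salary_announcement.pdf",           # ordinary file, stays inside
    "..\\..\\AppData\\Roaming\\update.exe",      # climbs out of the directory
    "C:\\Users\\Public\\run.bat",                # absolute path with drive letter
    "\\\\server\\share\\x.dll",                  # UNC path
    "docs/../../../evil.exe",                    # forward slashes, still climbs out
    "normal/../still_inside.txt",               # ".." that cancels out, harmless
]

_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def is_safe_entry(extract_dir: str, entry_name: str) -> bool:
    """Return True only if entry_name would be written inside extract_dir.

    Windows semantics (ntpath) are used on purpose: the archive is assumed
    to be extracted by a Windows client, so "/" and "\\" are both separators
    and drive letters and UNC prefixes must be rejected.
    """
    name = entry_name.replace("/", "\\")
    # Absolute, drive-relative and UNC names never belong in an archive.
    if name.startswith("\\") or _DRIVE_RE.match(name):
        return False
    # Resolve ".." components against the extraction directory and require
    # the result to remain underneath it (prefix check includes the trailing
    # separator so "lure2" is not mistaken for a child of "lure").
    base = ntpath.normpath(extract_dir).rstrip("\\") + "\\"
    target = ntpath.normpath(ntpath.join(extract_dir, name))
    return target.lower().startswith(base.lower())


def flag_unsafe_entries(extract_dir: str, entries):
    """Return the entry names that would escape extract_dir."""
    return [e for e in entries if not is_safe_entry(extract_dir, e)]


if __name__ == "__main__":
    for bad in flag_unsafe_entries(EXTRACT_DIR, SAMPLE_ENTRIES):
        print("path traversal:", bad)
```

A stricter policy used by some hardened extractors is to reject any entry containing a ".." component at all, which also catches the harmless case in the sample list.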
One way the attackers achieve this is through the deployment of Havoc Framework, an open-source Command and Control (C&C) platform which is used for authorized penetration testing and red teaming exercises.
Because the tool has a legitimate use case, its activity may not trigger security alerts.
Tailored Lures Point to Cyber-Espionage Campaign
Check Point researchers noted that the attacks focused on government institutions and law enforcement agencies in Southeast Asia, pointing to a cyber-espionage campaign aimed at collecting intelligence for geopolitical purposes.
The attackers appear to have tailored their lures to be as effectively targeted as possible, basing them around local political, economic or military developments in the country or region being targeted, such as government salary announcements or joint regional exercises.
The campaigns were designed to be highly controlled. Attack infrastructure was configured to interact only with victims in specific target countries, limiting exposure beyond the intended targets and helping the campaign stay hidden.
Check Point believed that the lures were delivered via phishing emails to the intended victims, directing them to the malicious WinRAR files being hosted on…