Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
released on 2019-04-10 @ 07:14:49 PM
In early March, Microsoft Security discovered a cyberattack that targeted organizations in the satellite and communications industry. It used an exploit for CVE-2018-20250, an old WinRAR vulnerability that had been disclosed just several weeks prior. A complex attack chain incorporating multiple code execution techniques attempted to run a fileless PowerShell backdoor that could allow an adversary to take full control of compromised machines.