Russian Hackers Are Still Exploiting a Year-Old WinRAR Flaw Against Ukraine

Russian hackers exploit a patched WinRAR flaw to target Ukrainian entities, using phishing to deploy espionage malware and steal data.

By Content Team

Jun 10, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Two Russia-linked hacker groups — Gamaredon and Shadow-Earth-066 — are actively exploiting a WinRAR vulnerability (CVE-2025-8088) that's been patched since July 2024, targeting Ukrainian military and government organizations through weaponized phishing emails.

The attacks differ in execution but share the same goal. Shadow-Earth-066 deploys the GiftedCrook stealer to harvest credentials and documents, while Gamaredon plants espionage malware via malicious HTA files. Both abuse WinRAR's path traversal flaw to drop payloads into Windows Startup folders.

The flaw stays dangerous because WinRAR doesn't auto-update and falls outside standard enterprise patching tools — leaving millions of endpoints exposed.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Google Warns of Hackers Using AI to Create Working Zero-Day Exploit

May 12, 2026

Nearly 33,000 NHS Patients Caught Up in 2024 Ransomware Attack

Jun 4, 2026

Critical Cisco SD-WAN Vulnerability Under Active Attack

May 15, 2026

Major Data Breach Hits Netherlands' Largest Mobile Operator, 6.2 Million Users Affected

Feb 16, 2026