DarkCasino: new ATP group exploits a zero-day exploit of WinRAR

The large list of groups APT (Advanced Persistent Threat) is enriched with a new name. We are talking about DarkCasinoconsidered by NSFOCUS as a collective that appeared on the scene in 2021.

The group in question is considered responsible for a zero-day vulnerability in the app WinRAR discovered in the last few days, i.e. the exploit CVE-2023-38831, considered to have a CVSS hazard score of 7.8. In fact, this security flaw in the well-known software allows cybercriminals to start payload harmful on the victim’s computer.

DarkCasino, apparently, is driven by purely economic reasons. In recent months, the group has made headlines for attacking gods forums in online tradingspreading a trojan made with Visual Basic known as DarkMe.

According to experts, however, these two cases would only be the proverbial “tip of the iceberg” with DarkCasino also involved in several operations that exploited techniques phishing over the last few months.

DarkCasino is an ATP group that will be talked about in the coming months

What are the origins of this group? Experts, in this sense, do not yet have completely clear ideas. On the other hand, the work of DarkCasino does not help in this regard either.

The first operations attributed to the collective, in fact, saw the Mediterranean and Asian countries as areas of interest. Specifically, intense activities were recorded, especially regarding attempts to cryptocurrency theftsin territories such as Vietnam and South Korea.

From what has emerged so far, the group seems destined to be talked about in the coming months. According to NSFOCUS, in fact “CVE-2023-38831 WinRAR Vulnerability Exploited by APT DarkCasino Group Brings Uncertainty to APT Attack Situation in Second Half of 2023“.

As regards the risks linked to the exploit, the advice is: keep WinRAR updated to the latest version available and to use on your computer a antivirus high profile.


Please enter your comment!
Please enter your name here