{"id":168030,"date":"2024-09-04T14:22:16","date_gmt":"2024-09-04T14:22:16","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=168030"},"modified":"2024-09-04T14:22:18","modified_gmt":"2024-09-04T14:22:18","slug":"head-mare-hacktivist-group-winrar","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/168030\/hacktivism\/head-mare-hacktivist-group-winrar.html","title":{"rendered":"Head Mare hacktivist group targets Russia and Belarus"},"content":{"rendered":"
<\/div>\n

A group of hacktivists known as\u00a0Head Mare\u00a0took advantage of the recent\u00a0CVE-2023-38831\u00a0WinRAR flaw in attacks against organizations in Russia and Belarus.<\/h2>\n\n\n\n

Kaspersky researchers reported that a hacktivist group known as\u00a0Head Mare\u00a0exploited the recently disclosed WinRAR flaw\u00a0CVE-2023-38831<\/a>\u00a0in attacks against organizations in Russia and Belarus.<\/p>\n\n\n\n

Head Mare has been active since at least 2023, exclusively targeting companies in Russia and Belarus. The group announced its victims on X and also leaked internal documents stolen during attacks on the same social network.<\/p>\n\n\n


The group relies on modern techniques for gaining initial access to systems. Kaspersky reported that they exploited the CVE-2023-38831 vulnerability in WinRAR, which could lead to arbitrary code execution by tricking the victims into opening a specially crafted archive.<\/p>\n\n\n\n

Head Mare has targeted nine victims across various industries, including government institutions, transportation, energy, manufacturing, and entertainment. Their primary purpose appears to be causing significant damage to companies in Russia and Belarus. Unlike some hacktivist groups, Head Mare also encrypts victim data and demands.<\/p>\n\n\n\n

Below is a list of software employed by the group in its attacks:<\/p>\n\n\n\n