
Gamaredon Exploits WinRAR Vulnerability for Malware Distribution in Ukraine

Bottom line: Gamaredon systematically exploits the WinRAR vulnerability CVE-2025-8088 to deliver malware and infiltrate Ukrainian organizations.

The Russian hacker group Gamaredon is using the CVE-2025-8088 vulnerability in WinRAR to distribute the malware families GammaWorm and GammaSteel against Ukrainian targets. The aim is data theft and further compromise.

According to Sekoia, Gamaredon is leveraging CVE-2025-8088, a path traversal vulnerability in WinRAR, for malware delivery. The attack begins with an HTML Application payload called GammaPhish, which is used to provision additional components.

The deployed malware families GammaWorm and GammaSteel are designed for data exfiltration and lateral movement. Gamaredon is considered a state-sponsored actor and traditionally focuses on targets in Ukraine as well as organizations with ties to Ukraine.

Exploiting a known vulnerability in widely distributed software (WinRAR) significantly reduces the likelihood of detection by users and security systems. CISOs should verify that WinRAR installations are patched to a current version and strengthen protective measures against archive-based attack vectors.


Source: thehackernews.com · Published June 2, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification through Lumi News Pipeline v1.2.9.
