SlowMist: North Korean APT group Konni exploits the WinRAR vulnerability to attack the cryptocurrency industry for the first time
ChainCatcher news: SlowMist's Chief Information Security Officer 23pds stated on the X platform that, according to feedback from the Chaitin Threat Intelligence Team, the North Korean APT group Konni has for the first time attacked the cryptocurrency industry using the WinRAR vulnerability CVE-2023-38831. The North Korean APT group Lazarus has long targeted the cryptocurrency industry, focusing primarily on cryptocurrency- and finance-related attacks. This activity, however, is the first time a North Korean group other than Lazarus has been observed attacking the cryptocurrency industry.

In this attack, Konni used the WinRAR vulnerability (CVE-2023-38831) recently disclosed by Group-IB, marking the first time an APT group has been seen exploiting this vulnerability. Taken together with the recent attacks on Stake and CoinEx, it is evident that North Korean hackers are conducting large-scale attacks on cryptocurrency trading platforms, and users need to remain vigilant.