According to Google’s Threat Analysis Group (TAG), the group exploiting the vulnerability comprises Sandworm, Fancy Bear, and APT40, all associated with the Russian government and military. KEY FINDINGS Google’s TAG researchers have found that government-sponsored hackers are actively exploiting an already discovered WinRAR vulnerability.
Source: HackRead