Shape-Shifting Hackers Target Uzbekistan via WinRAR Vulnerabilities

Published August 8, 2025 18:54

Alexander Ten

Reporter a.ten@kursiv.media
Anna Russell

Hackers have also attacked Russian organisations. Photo: Unsplash

A hacker group known as Paper Werewolf launched a series of cyberattacks in July and August targeting organisations in Uzbekistan and Russia, according to a report by RBC citing cybersecurity firm Bi.zone.

The attackers employed phishing emails containing RAR-format archives that exploited known vulnerabilities in the popular file compression software WinRAR to install malicious software (malware) on victim systems.

"The attackers had two objectives: not only to exploit WinRAR vulnerabilities to install malware, but also to increase the likelihood that their phishing emails would bypass email security filters, as such attachments are common in business correspondence," explained Oleg Skulkin, Head of Threat Intelligence at Bi.zone.

One of the reported attacks targeted a Russian manufacturer of specialized equipment, using a fake email that appeared to come from a government agency.

According to Kaspersky Lab, Paper Werewolf has previously attacked telecom, construction, energy companies and media organisations. Their activity was documented as recently as April of this year.
