APT44 Articles

WinRAR Vulnerability Still Widely Exploited by Nation-State and Cybercrime Groups

CVE-2025-8088 (CVSS 8.8), a path traversal flaw abusing Windows Alternate Data Streams, continues to be exploited by Russian APTs, Chinese actors, and cybercriminals to achieve persistence via Startup folder drops.

February 2, 2026 WinRAR CVE-2025-8088 APT

Poland Repels Cyberattack on Power Grid, Attributes to Russia's Sandworm

Russia's Sandworm deployed DynoWiper malware against ~30 Polish energy facilities on December 29-30, 2025—the first major cyberattack targeting distributed energy resources. Some equipment was damaged beyond repair.

January 15, 2026 Poland Sandworm Russia