North Korean hackers exploit a hidden Chrome flaw to steal cryptocurrency: here’s what happened

North Korean hackers exploited a Chrome vulnerability to steal cryptocurrency, using a malicious site and a rootkit.

A North Korean hacking group has exploited a recently discovered security flaw in Google Chrome to attack… cryptocurrency organizations, according to Microsoft security experts. The vulnerability, identified as CVE-2024-7971, was found in Chrome’s V8 JavaScript engine and allowed hackers to execute malicious code on affected systems.

Google released a fix for this zero-day flaw on August 21, 2024. However, the security hole was already being used in attacks attributed to a North Korean group known as Citrine Sleet. This group, also known as AppleJeus and Labyrinth Chollima, is known for targeting the cryptocurrency sector using various deceptive tactics.

How the hackers operated

The hackers used a malicious website, voyagorclub[.]space, to trick victims into downloading malicious software. When users visited the site, the Chrome exploit was delivered to their browser; the attack chain then exploited a Windows kernel vulnerability (CVE-2024-38106) to bypass Chrome’s security measures. This allowed the hackers to install a sophisticated rootkit called FudModule on victims’ computers.
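For defenders, the most immediately useful artifact in the paragraph above is the malicious domain. The following script is an added example, not code from the article or from Microsoft: it refangs the published indicator and scans proxy log lines for requests to that domain or any of its subdomains. The log format, the client addresses and every log line are constructed sample data; the domain itself is the one named in the article.

```python
import re
from urllib.parse import urlsplit

# Indicator as published (defanged) in the article.
DEFANGED_IOC = "voyagorclub[.]space"


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "hxxp") back into a usable hostname."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower().strip(".")


def host_matches(host: str, ioc_domain: str) -> bool:
    """True if host is the indicator domain itself or a subdomain of it.

    A plain substring test would also flag look-alikes such as
    "notvoyagorclub.space"; anchoring on the label boundary avoids that.
    """
    host = host.lower().rstrip(".")  # tolerate a trailing root dot
    return host == ioc_domain or host.endswith("." + ioc_domain)


# Constructed sample proxy log: "<timestamp> <client_ip> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-08-19T10:01:12Z 10.0.0.15 https://www.example.com/index.html 200
2024-08-19T10:02:44Z 10.0.0.23 https://voyagorclub.space/ 200
2024-08-19T10:02:45Z 10.0.0.23 https://cdn.voyagorclub.space/app.js 200
2024-08-19T10:03:01Z 10.0.0.42 https://notvoyagorclub.space/ 200
2024-08-19T10:04:30Z 10.0.0.15 https://VOYAGORCLUB.SPACE./ 302
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def find_ioc_hits(log_text: str, defanged: str = DEFANGED_IOC) -> list:
    """Return one record per log line whose URL host matches the indicator."""
    ioc = refang(defanged)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash the sweep
        host = urlsplit(m["url"]).hostname or ""
        if host_matches(host, ioc):
            hits.append(
                {
                    "ts": m["ts"],
                    "client": m["client"],
                    "host": host.lower().rstrip("."),
                }
            )
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} client={hit['client']} contacted {hit['host']}")
```

Each hit identifies a client that reached the site, which is the starting point for checking whether that host also shows signs of the follow-on kernel exploit and rootkit; the look-alike domain in the sample is deliberately not matched.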

Citrine Sleet is known for using fake websites, fake job postings, and manipulated cryptocurrency apps to infiltrate and steal from cryptocurrency companies. Its operations are believed to be connected to North Korea. The North Korean government’s Reconnaissance General Office is responsible for stealing and laundering funds to support the North Korean regime.

Threat mitigation

Microsoft’s threat intelligence team discovered the exploit activity on August 19 and quickly identified North Korean involvement. They had already addressed the Windows vulnerability (CVE-2024-38106) with a patch released on August 13, before the exploit was detected.

To protect against these types of threats, users are advised to update Google Chrome to version 128.0.6613.84 or later and ensure their Windows systems have the latest security updates. Microsoft also recommends enabling security features in Microsoft Defender and other endpoint protection tools to improve protection against these types of attacks.
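The advice above turns into a concrete fleet check once you compare each machine's reported Chrome version against the fixed build. The script below is an added example, not code from the article or from Google or Microsoft: it parses four-part Chrome version strings and compares them numerically, since a plain string comparison would wrongly rank "128.0.6613.9" above "128.0.6613.84". The fixed version is the one named in the article; the hostnames and reported versions in the inventory are constructed sample data.

```python
import re

# First fixed Chrome version named in the article.
CHROME_FIXED_VERSION = "128.0.6613.84"

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,3}$")


def parse_version(v: str) -> tuple:
    """Parse a Chrome-style version into a 4-tuple of ints for numeric ordering.

    Missing trailing components are treated as zero; anything that is not a
    dotted sequence of integers raises ValueError so callers can flag it.
    """
    v = (v or "").strip()
    if not _VERSION_RE.match(v):
        raise ValueError(f"not a Chrome-style version: {v!r}")
    parts = [int(p) for p in v.split(".")]
    parts += [0] * (4 - len(parts))
    return tuple(parts)


def is_patched(installed: str, fixed: str = CHROME_FIXED_VERSION) -> bool:
    """True if the installed version is at or above the fixed version."""
    return parse_version(installed) >= parse_version(fixed)


# Constructed inventory: hostname -> Chrome version reported by the endpoint agent.
SAMPLE_INVENTORY = {
    "ws-001": "128.0.6613.84",   # exactly the fixed build
    "ws-002": "127.0.6533.120",  # previous major, vulnerable
    "ws-003": "128.0.6613.120",  # newer build on the fixed branch
    "ws-004": "128.0.6612.90",   # same major, older build, still vulnerable
    "ws-005": "129.0.1",         # short version string, newer major
    "ws-006": "garbage",         # agent returned nonsense; needs manual review
}


def triage_inventory(inventory: dict) -> tuple:
    """Split an inventory into (hosts needing update, hosts with unparseable versions)."""
    needs_update, unknown = [], []
    for host, version in inventory.items():
        try:
            if not is_patched(version):
                needs_update.append((host, version))
        except ValueError:
            unknown.append(host)
    return sorted(needs_update), sorted(unknown)


if __name__ == "__main__":
    outdated, unparsed = triage_inventory(SAMPLE_INVENTORY)
    for host, version in outdated:
        print(f"{host}: Chrome {version} is below {CHROME_FIXED_VERSION}, update required")
    for host in unparsed:
        print(f"{host}: could not read Chrome version, check manually")
```

Hosts that cannot report a parseable version are listed separately rather than silently treated as compliant, which is the failure mode that usually hides unpatched machines in an inventory report.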

This incident highlights the ongoing threat posed by cybercriminal groups and underscores the importance of keeping software up to date to protect sensitive information.
