Thomas Daniels

Published On: 31/08/2024

North Korean hacking group Citrine Sleet has exploited a significant zero-day vulnerability in the Chromium browser to attack cryptocurrency financial institutions, according to Microsoft. The group employed a sophisticated strategy by creating fake cryptocurrency trading platforms, tricking victims into downloading malicious software like the AppleJeus trojan, designed to siphon off digital assets.

The vulnerability, identified as CVE-2024-7971, is a type confusion flaw within Chromium’s V8 JavaScript engine. The flaw allowed attackers to execute code remotely, bypassing browser security and gaining control over infected systems. Microsoft discovered the attack on August 19, linking it to broader efforts to target the cryptocurrency industry.

Chromium, the engine behind popular browsers such as Google Chrome and Microsoft Edge, was affected by this zero-day vulnerability, meaning the attackers found and exploited the flaw before Chromium’s developers were aware of it and before a fix was available. Google responded by releasing a patch on August 21 to address the vulnerability.

In addition to exploiting CVE-2024-7971, the attackers deployed the ‘FudModule’ rootkit, which manipulates Windows security measures. This malware has been associated with another North Korean group, Diamond Sleet, indicating the use of shared advanced tools among various North Korean threat actors. Microsoft has tracked Diamond Sleet using FudModule since October 2021.

The cyber threat from North Korea extends beyond browser vulnerabilities. On August 15, cybersecurity expert ZachXBT uncovered a scheme involving North Korean IT workers posing as crypto developers, leading to the theft of $1.3 million from a project’s treasury. This operation compromised over 25 crypto projects, laundering stolen funds through multiple transactions, including the use of platforms like Solana, Ethereum, and Tornado Cash.

The cryptocurrency sector, already vulnerable to cyberattacks, faces heightened risks as sophisticated threat actors continue to exploit widely used software. Microsoft has urged users and organizations to update their systems, use secure and updated web browsers, and enable advanced security features like Microsoft Defender to protect against such threats.
