
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

Redmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financial gain.


Microsoft’s threat intelligence team says a known North Korean threat actor was responsible for exploiting a Chrome remote code execution flaw patched by Google earlier this month.

According to fresh documentation from Redmond, an organized hacking team linked to the North Korean government was caught using zero-day exploits against a type confusion flaw in the Chromium V8 JavaScript and WebAssembly engine.

The vulnerability, tracked as CVE-2024-7971, was patched by Google on August 21 and marked as actively exploited. It is the seventh Chrome zero-day exploited in attacks so far this year.

“We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said in a new post with details on the observed attacks.

Microsoft attributed the attacks to an actor it tracks as ‘Citrine Sleet’, which has previously been observed targeting financial institutions, particularly organizations and individuals managing cryptocurrency.

Citrine Sleet is tracked by other security companies as AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra, and has been attributed to Bureau 121 of North Korea’s Reconnaissance General Bureau.

In the attacks, first spotted on August 19, the North Korean hackers directed victims to an attacker-controlled domain serving the browser remote code execution exploit. After gaining a foothold on the compromised machine, the attackers were observed by Microsoft deploying the FudModule rootkit, which had previously been used by a different North Korean APT actor.


Related: Google Patches Sixth Exploited Chrome Zero-Day of 2024

Related: Google Now Offering Up to $250,000 for Chrome Vulnerabilities

Related: Volt Typhoon Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs

Related: Google Catches Russian APT Reusing Exploits From Spyware Merchants 

Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
