Microsoft’s threat intelligence team says a known North Korean threat actor was responsible for exploiting a Chrome remote code execution flaw patched by Google earlier this month.
According to fresh documentation from Redmond, an organized hacking team linked to the North Korean government was caught using zero-day exploits against a type confusion flaw in the Chromium V8 JavaScript and WebAssembly engine.
The vulnerability, tracked as CVE-2024-7971, was patched by Google on August 21 and marked as actively exploited. It is the seventh Chrome zero-day exploited in attacks so far this year.
“We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain,” Microsoft said in a new post with details on the observed attacks.
Microsoft attributed the attacks to an actor called ‘Citrine Sleet’ that has been caught in the past
Targeting financial institutions, particularly organizations and individuals managing cryptocurrency.
Citrine Sleet is tracked by other security companies as AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra, and has been attributed to Bureau 121 of North Korea’s Reconnaissance General Bureau.
In the attacks, first spotted on August 19, the North Korean hackers directed victims to a booby-trapped domain serving remote code execution browser exploits. Once on the infected machine, Microsoft observed the attackers deploying the FudModule rootkit that was previously used by a different North Korean APT actor.
Related: Google Patches Sixth Exploited Chrome Zero-Day of 2024
Related: Google Now Offering Up to $250,000 for Chrome Vulnerabilities
Related: Volt Typhoon Caught Exploiting Zero-Day in Servers Used by ISPs, MSPs
Related: Google Catches Russian APT Reusing Exploits From Spyware Merchants
