North Korean hackers target crypto institutions via Chromium browser

As a seasoned cybersecurity researcher with over two decades of experience under my belt, I have witnessed countless cyberattacks and their devastating effects on individuals and organizations alike. The recent exploitation of the zero-day vulnerability in Chromium by North Korean hackers, known as Citrine Sleet, serves as a stark reminder that no one is immune to these sophisticated attacks.


North Korean hackers tracked as Citrine Sleet exploited an unpatched critical flaw (a zero-day vulnerability) in the Chromium web browser to mount cyberattacks against cryptocurrency financial institutions.

In a devious scheme, a group of North Korean hackers known as Citrine Sleet focused on financial institutions and cryptocurrency entities in order to steal digital assets. These cybercriminals designed fraudulent cryptocurrency trading platforms, luring victims into downloading harmful software like the AppleJeus trojan. This malicious program is designed to secretly transfer cryptocurrency funds from its unsuspecting victims, as reported by Microsoft.

This vulnerability enabled the attackers to run malicious code remotely and take control of compromised devices. Microsoft discovered the attack on August 19 and has associated it with operations aimed at the cryptocurrency sector.

According to Microsoft, the security issue, tracked as CVE-2024-7971, was identified in Chromium's V8 JavaScript engine. Classified as a type confusion flaw, it allowed attackers to sidestep browser security measures and run code inside the browser's sandboxed renderer process.

It is important to note that this critical zero-day vulnerability was found in Chromium, the open-source project that serves as the base for browsers such as Google Chrome and Microsoft Edge. In simpler terms, hackers found a significant weakness in Chromium before its creators did and were able to exploit it, in this case against crypto financial institutions.

Google addressed this vulnerability two days after the attack with a patch released on August 21.

Other malware

In addition to exploiting CVE-2024-7971, the hackers deployed a piece of malware known as the FudModule rootkit. This malicious software, as reported by Microsoft, was specifically crafted to interfere with Windows security mechanisms.

As an analyst, I’ve uncovered links between this rootkit and Diamond Sleet, a known cyber operation attributed to North Korea. This finding implies that sophisticated cyber tools are being circulated among different North Korean threat groups, potentially expanding their collective capabilities.

Microsoft stated that Diamond Sleet had been observed using FudModule since October 2021.

Other North Korean hacks

As an analyst, on August 15, I unveiled that a complex cyber operation orchestrated by North Korean actors had been exposed. In this scheme, IT workers disguised themselves as cryptocurrency developers, leading to a successful theft of $1.3 million from a project’s funds and the compromise of over 25 different crypto projects.

The stolen funds were laundered through multiple transactions, including bridging from Solana to Ethereum and depositing into Tornado Cash. Investigations connected these activities to a network of 21 developers and traced funds back to North Korean IT workers.

Crypto hacks

In simpler terms, the cryptocurrency industry, already a frequent target of cyberattacks, is becoming more exposed as skilled hackers take advantage of weaknesses in widely used software. Microsoft recommends that users and organizations promptly update their systems, use reliable and up-to-date web browsers, and enable advanced security tools such as Microsoft Defender to protect against these threats.

2024-08-30 21:18