North Korean hacking group Citrine Sleet has exploited a critical zero-day vulnerability in the Chromium browser to target cryptocurrency financial institutions, according to Microsoft. The group used the flaw to deploy malicious software and siphon off digital assets.
The vulnerability, tracked as CVE-2024-7971, resides in Chromium’s V8 JavaScript engine and can be abused by attackers to execute remote code, ultimately enabling them to gain control over infected systems. Microsoft observed the attack unfolding on August 19 and attributed it to broader efforts to target the cryptocurrency industry.
Chromium, the rendering engine that powers popular browsers like Google Chrome and Microsoft Edge, was compromised by this zero-day, meaning hackers had found and exploited the flaw before Chromium’s developers could detect it. Google eventually released a patch on August 21 to address the vulnerability.
In addition to exploiting CVE-2024-7971, the attackers also deployed the ‘FudModule’ rootkit, which is designed to manipulate Windows security measures. This malware has been previously linked to another North Korean group, Diamond Sleet, suggesting the use of shared advanced tools among various North Korean threat actors. Microsoft has been tracking Diamond Sleet’s use of FudModule since October 2021.
The cyber threat from North Korea extends beyond browser vulnerabilities. Earlier this month, cybersecurity expert ZachXBT revealed a scheme where North Korean IT workers posed as crypto developers, leading to the theft of $1.3 million from a project’s treasury. The operation reportedly spanned over 25 crypto projects, with stolen funds being laundered through multiple transactions, involving platforms like Solana, Ethereum, and Tornado Cash.
As the cryptocurrency sector continues to grow, it has become increasingly vulnerable to sophisticated threat actors who are exploiting widely used software to carry out their attacks. Microsoft is urging users and organizations to update their systems, use secure and up-to-date web browsers, and enable advanced security features like Microsoft Defender to protect against such threats.