A North Korean state-sponsored hacking group has once again made headlines by exploiting a zero-day vulnerability in Google Chrome to steal cryptocurrency, according to a report from Microsoft. The activity, detected earlier this month, is attributed to the threat actor Microsoft tracks as Citrine Sleet, a group known for targeting the financial sector, and in particular organizations and individuals that handle cryptocurrency.
The vulnerability, CVE-2024-7971, is a type confusion bug in V8, the JavaScript and WebAssembly engine used by Chromium-based browsers, and affects versions prior to 128.0.6613.84. Because V8 processes untrusted script, the bug can be triggered simply by getting a victim to open a crafted web page: the type confusion corrupts heap memory and lets the attacker run code of their choosing inside the browser, a foothold that was then used to go after the victim's cryptocurrency holdings. Microsoft first observed exploitation on August 19, 2024, and Google shipped the fix in Chrome 128.0.6613.84 on August 21. This is the third type confusion vulnerability in V8 patched this year, following CVE-2024-4947 and CVE-2024-5274.
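The practical question for a defender reading this is whether a given Chrome or Chromium build predates the fixed version. The following is an added example, not code from the article or from Microsoft's report: it parses four-part Chromium version strings, compares them numerically (a plain string comparison gets "128.0.6613.9" versus "128.0.6613.84" wrong), and runs the check over a constructed, hypothetical host inventory. The host names and versions in SAMPLE_INVENTORY are made up for illustration.

```javascript
// Added example (not from the article or Microsoft's report): flag Chromium
// builds older than the CVE-2024-7971 fix, which shipped in 128.0.6613.84.
const CVE_2024_7971_FIXED_VERSION = "128.0.6613.84";

// Parse a dotted Chromium version ("128.0.6613.84") into four integers.
// Returns null for anything that is not four dot-separated non-negative integers.
function parseChromiumVersion(s) {
  const m = /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/.exec(String(s).trim());
  if (!m) return null;
  return m.slice(1, 5).map(Number);
}

// Compare two parsed versions component by component, numerically rather than
// lexically. Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 4; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// True if `version` is older than the first fixed build. Unparseable input
// throws instead of quietly reporting "patched".
function isVulnerableToCve20247971(version) {
  const v = parseChromiumVersion(version);
  if (!v) throw new TypeError(`not a full Chromium version: ${version}`);
  return compareVersions(v, parseChromiumVersion(CVE_2024_7971_FIXED_VERSION)) < 0;
}

// Extract the version from a classic Chrome user-agent string. Chrome's reduced
// UA reports a placeholder such as "Chrome/128.0.0.0", which parses but is not a
// real build number, so the result says whether only the major version is usable.
function chromeVersionFromUserAgent(ua) {
  const m = /(?:Chrome|Chromium)\/(\d+\.\d+\.\d+\.\d+)/.exec(ua);
  if (!m) return null;
  const full = m[1];
  const reduced = /^\d+\.0\.0\.0$/.test(full); // UA-reduction placeholder
  return { version: full, reduced };
}

// Constructed sample inventory (hypothetical hosts, not data from the page).
const SAMPLE_INVENTORY = [
  { host: "ws-01", version: "127.0.6533.120" },
  { host: "ws-02", version: "128.0.6613.84" },
  { host: "ws-03", version: "128.0.6613.119" },
  { host: "ws-04", version: "128.0.6613.9" }, // numerically below .84
];

// Names of hosts still running a vulnerable build.
function vulnerableHosts(inventory) {
  return inventory
    .filter((h) => isVulnerableToCve20247971(h.version))
    .map((h) => h.host);
}

console.log("Unpatched hosts:", vulnerableHosts(SAMPLE_INVENTORY));
```

Feed this the full build number from your endpoint inventory or from the browser's client hints, not from a reduced user-agent string: a placeholder like 128.0.0.0 compares as older than 128.0.6613.84 and would be reported as vulnerable when the real build may already be patched, which is why the UA helper flags the reduced case.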
Microsoft says it notified the customers it observed being targeted or compromised and provided guidance for securing their systems. The victims have not been named, but Microsoft attributes the activity to Citrine Sleet, a North Korean group whose operations center on the cryptocurrency market.
Citrine Sleet's tradecraft leans heavily on social engineering. The group builds convincing fake websites that imitate legitimate cryptocurrency trading platforms and lures targets with bogus job offers or with downloads of trojanized cryptocurrency wallets and trading applications. Once a target takes the bait, the group's custom AppleJeus malware is deployed to harvest the credentials and other information needed to take over the victim's digital assets.
This latest attack underscores the persistent threat posed by state-sponsored groups, particularly those from North Korea, which continue to exploit vulnerabilities in widely used software to siphon off cryptocurrency. As their tooling and lures evolve, it remains essential for users and organizations to stay vigilant and to apply browser updates promptly.