North Korean Hackers Exploit Chromium Zero-Day To Target Cryptocurrency Sector

Image by Azamat Bohed, from Flickr

North Korean Hackers Exploit Chromium Zero-Day To Target Cryptocurrency Sector

Reading time: 2 min

A North Korean threat actor has been exploiting a zero-day vulnerability in Chromium to target cryptocurrency organizations for financial gain, according to a report published today by Microsoft.

The vulnerability, identified as CVE-2024-7971, allows attackers to execute remote code on compromised systems.

Microsoft has attributed the attack to Citrine Sleet, a North Korean threat actor known for primarily targeting financial institutions, especially those involved in cryptocurrency. The group engages in extensive reconnaissance of the cryptocurrency sector, and employs sophisticated social engineering tactics.

These tactics include creating fake websites that mimic legitimate cryptocurrency trading platforms to distribute malicious software, such as fake job applications or weaponized cryptocurrency wallets.

The attack chain involved exploiting the Chromium vulnerability, executing malicious code, and deploying the FudModule rootkit. This rootkit is a sophisticated piece of malware that can evade detection and grant attackers elevated privileges on compromised systems.

It has been in use since 2021, with its earliest variant exploiting vulnerable drivers to gain admin-to-kernel access, a technique known as “bring your own vulnerable driver”.

The FudModule rootkit, previously attributed to Diamond Sleet, another North Korean threat actor, suggests a potential sharing of tools or infrastructure between the two groups, as reported by Microsoft.

To mitigate the threat, Microsoft recommends updating systems with the latest security patches, enabling Microsoft Defender for Endpoint’s tamper protection and network protection features, and running EDR in block mode. Additionally, customers should be vigilant of suspicious activity and report any unusual occurrences to their security teams.

Additionally, Microsoft provides detailed detection guidance and hunting queries for customers to identify and respond to related threats within their networks.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...