back to top

North Korean Hackers Exploit Chrome Vulnerability (Zero-Day) to Steal Cryptocurrency

In a concerning development, security researchers have uncovered a concerning trend of North Korean hackers exploiting a previously unknown zero day vulnerability in Google’s Chrome browser to target cryptocurrency firms and exchanges. This sophisticated zero day attack campaign, attributed to the notorious hacking group Citrine Sleet (also known as Hidden Cobra, UNC4736, and Diamond Sleet), highlights the ongoing cybersecurity threats posed by state-sponsored cybercriminals seeking financial gain to fund their regime through illicit means.

The Chrome Zero-Day Vulnerability: CVE-2024-7971

Chrome Zero-Day Vulnerability: CVE-2024-7971

The Chrome zero-day vulnerability, identified as CVE-2024-7971, was discovered in Chrome’s V8 JavaScript and WebAssembly engine, allowing remote code execution by malicious actors. This zero day vulnerability enabled the North Korean hackers to bypass the browser’s security measures and gain SYSTEM privileges on targeted systems.

Advice from Microsoft

Keep operating systems and applications up to date. Apply security patches as soon as possible. Ensure that Google Chrome web browser isย updatedย at versionย 128.0.6613.84ย or later, and Microsoft Edge web browser is updated at versionย 128.0.2739.42ย or later to address the CVE-2024-7971 vulnerability.

Related Read: Crypto Scammers hacks McDonaldโ€™s Instagram, Steal $700K in Solana

Citrine Sleet: A Prolific North Korean APT Actor

Citrine Sleet, North korean hackers, Chrome exploit

Citrine Sleet, also known as AppleJeus, Labyrinth Chollima, BlueNoroff, and Sapphire Sleet, is a well-known hacking collective with strong ties to North Korea’s Reconnaissance General Bureau (Bureau 121). This group has a long history of targeting the cryptocurrency industry, employing a range of tactics to infiltrate and steal digital assets.

The Exploit Chain

The cryptocurrency hackers’ modus operandi involved luring victims to malicious websites like the fake hacker site voyagorclub[.]space, where the Chrome exploit was delivered. Once the initial foothold was established, the attackers leveraged a Windows Kernel exploit, CVE-2024-38106, to escape the Windows sandbox and install a sophisticated FudModule rootkit using direct kernel object manipulation and kernel tampering.

Targeting Cryptocurrency Firms

Citrine Sleet’s primary focus has been on crypto industry attacks, as the group seeks to generate and launder funds to support the North Korean regime. Through the use of fake websites, bogus job offers on sites like LinkedIn crypto scams, and trojanized cryptocurrency wallets and trading apps, the hackers have successfully infiltrated numerous financial institutions managing cryptocurrency assets.

The Scope of the Attacks

According to Microsoft’s Threat Intelligence team, the exploited zero day vulnerability was discovered on August 19, 2024, and Google promptly released a fix on August 21 of the same year. However, the damage had already been done, with the North Korean ransomware managing to compromise an undisclosed number of cryptocurrency organizations during the window of opportunity.

Mitigating the Threat

To protect against such attacks, users are urged to update their Google Chrome browsers to the latest version, 128.0.6613.84 or higher, to avoid having google chrome hacked. Ensure Windows systems are equipped with the latest security patches. Additionally, enabling advanced security features in Microsoft Defender and other endpoint protection solutions can significantly enhance the defense against such sophisticated threats.

Interesting read: How Huione Guarantee Became a $11 Billion Scam Hub

The Growing Threat of North Korean Cybercrime

This incident is not an isolated case, as North Korean hackers have been increasingly active in the cryptocurrency space. A recent UN Security Council report revealed that in the past seven years, North Korean-affiliated groups like Bureau 121 have stolen an estimated $3 billion worth of digital assets through a series of suspected cyberheists. This north korea news underscores the ongoing threat.

Cryptocurrency Firms: A Lucrative Target

The cryptocurrency industry has become a prime target for North Korean hackers due to the potential for significant financial gains. By exploiting vulnerabilities and infiltrating exchanges, the hackers can siphon off funds and launder them through various means to support the North Korean regime’s activities, including its government backed cryptocurrency efforts and development of a North Korean operating system.

The Need for Vigilance

As the cryptocurrency market continues to evolve, the threat of state-sponsored cybercrime remains a pressing concern. Cryptocurrency firms and exchanges must maintain a heightened level of vigilance, staying up-to-date with the latest security threats and implementing robust defense mechanisms to protect their digital assets and clients. Follow trusted cryptocurrency news and technology news sources like this hacking blog to stay informed.

Collaboration and Information Sharing

Effective collaboration between technology companies like Microsoft cryptocurrency efforts, cybersecurity experts, and law enforcement agencies is crucial in the fight against these sophisticated attacks. By sharing intelligence, coordinating incident response, and proactively addressing vulnerabilities like type confusion flaws in Chromium V8 JavaScript engines, the global community can work together to mitigate the impact of North Korean hacking activities.

The Ongoing Battle Against Crypto Theft and Identity Theft

The recent exploitation of the Chrome zero-day vulnerability by North Korean hackers is a stark reminder of the persistent threat facing the cryptocurrency industry. As the digital asset landscape continues to evolve, the need for robust security measures and proactive risk management strategies has never been more critical to prevent crypto theft and identity theft.

Conclusion

The North Korean hackers’ exploitation of the Chrome zero-day vulnerability to target cryptocurrency firms underscores the ongoing battle against state-sponsored cybercrime. By staying vigilant, implementing the latest security updates, and fostering collaboration across the industry, stakeholders can work to safeguard the integrity of the cryptocurrency ecosystem and protect users from the financial and reputational harm caused by such attacks. Follow trusted sources like reddit cryptocurrency forums for the latest developments in this ongoing fight.