North Korean hackers known as Citrine Sleet have attacked crypto financial institutions using a serious zero-day vulnerability in the Chromium browser.
Citrine Sleet targeted financial institutions and cryptocurrencies to steal digital assets. According to Microsoft, North Korean hackers created fake crypto trading platforms and tricked victims into downloading malware like the AppleJeus trojan that exploited crypto funds.
The flaw allowed attackers to execute code remotely, giving them control over infected systems. Microsoft detected the attack on August 19 and linked it to efforts targeting the crypto industry.
According to Microsoft, the vulnerability, tracked as CVE-2024-7971, was a type obfuscation flaw in Chromium’s V8 JavaScript engine that allowed attackers to bypass browser security and execute code inside the browser’s sandbox.
In other words, the Chromium browser, which is the foundation of browsers like Google Chrome and Microsoft Edge, had a serious zero-day vulnerability. This means that hackers discovered a serious flaw in Chromium before its developers did. The hackers could have used the flaw for malicious purposes — specifically against crypto financial institutions.
Google patched the vulnerability with a patch released on August 21, two days after the attack.
Other malware
According to Microsoft, along with CVE-2024-7971, the attackers also distributed a rootkit malware called ‘FudModule’ designed to manipulate Windows’ security measures.
This rootkit has previously been linked to another North Korean group, Diamond Sleet, suggesting that the same advanced tools are shared among various North Korean threat actors.
Microsoft stated that Diamond Sleet has been observed using the FudModule since October 2021.
Other North Korean attacks
On August 15, Cybersecurity expert ZachXBT uncovered a complex North Korean scheme involving IT employees posing as crypto developers. The operation resulted in the theft of $1.3 million from one project’s treasury and uncovered more than 25 compromised crypto projects.
The stolen funds were laundered through multiple transactions, including bridging from Solana to Ethereum and depositing into Tornado Cash. Investigations linked these activities to a network of 21 developers and traced the funds to North Korean IT employees.
Crypto attacks
The crypto industry, already a frequent target of cyberattacks, faces increasing risks as sophisticated threat actors exploit vulnerabilities in widely used software. Microsoft has advised users and organizations to promptly update their systems, use secure and up-to-date web browsers, and enable advanced security features such as Microsoft Defender to protect against such threats.
Bitcoin 
Ethereum 
Tether 
Solana 
BNB 
USDC 
XRP 
Dogecoin 
Lido Staked Ether 
TRON 
Cardano 
Toncoin 
Wrapped stETH 
Shiba Inu 
Wrapped Bitcoin 
Avalanche 
WETH 
Chainlink 
Bitcoin Cash 
Sui 
Polkadot 
LEO Token 
USDS 
Uniswap 
Litecoin 
Wrapped eETH 
Aptos 
NEAR Protocol 
Pepe 
Bittensor 
Internet Computer 
Artificial Superintelligence Alliance 
Dai 
Monero 
Ethereum Classic 
Kaspa 
Stellar 
Ethena USDe 
WhiteBIT Coin 
Aave 
POL (ex-MATIC) 
Stacks 
OKB 
First Digital USD 
Cronos 
dogwifhat 
Arbitrum 
Filecoin 
Mantle 
Celestia