North Korean hackers known as Citrine Sleet have attacked crypto financial institutions using a serious zero-day vulnerability in the Chromium browser.
Citrine Sleet targeted financial institutions and cryptocurrency businesses to steal digital assets. According to Microsoft, the North Korean hackers created fake crypto trading platforms and tricked victims into downloading malware such as the AppleJeus trojan, which was used to steal crypto funds.
The flaw allowed attackers to execute code remotely, giving them control over infected systems. Microsoft detected the attack on August 19 and linked it to efforts targeting the crypto industry.
According to Microsoft, the vulnerability, tracked as CVE-2024-7971, was a type confusion flaw in Chromium’s V8 JavaScript engine that allowed attackers to bypass browser protections and execute code inside the browser’s sandbox.
In other words, the Chromium browser, which is the foundation of browsers like Google Chrome and Microsoft Edge, had a serious zero-day vulnerability. This means that hackers discovered a serious flaw in Chromium before its developers did. The hackers could have used the flaw for malicious purposes — specifically against crypto financial institutions.
Google fixed the vulnerability with a patch released on August 21, two days after the attack was detected.
Other malware
According to Microsoft, along with CVE-2024-7971, the attackers also distributed a rootkit malware called ‘FudModule’ designed to manipulate Windows’ security measures.
This rootkit has previously been linked to another North Korean group, Diamond Sleet, suggesting that the same advanced tools are shared among various North Korean threat actors.
Microsoft stated that Diamond Sleet has been observed using FudModule since October 2021.
Other North Korean attacks
On August 15, cybersecurity expert ZachXBT uncovered a complex North Korean scheme in which IT workers posed as crypto developers. The operation resulted in the theft of $1.3 million from one project’s treasury, and the investigation identified more than 25 compromised crypto projects.
The stolen funds were laundered through multiple transactions, including bridging from Solana to Ethereum and depositing into Tornado Cash. Investigations linked these activities to a network of 21 developers and traced the funds to North Korean IT employees.
Crypto attacks
The crypto industry, already a frequent target of cyberattacks, faces increasing risks as sophisticated threat actors exploit vulnerabilities in widely used software. Microsoft has advised users and organizations to promptly update their systems, use secure and up-to-date web browsers, and enable advanced security features such as Microsoft Defender to protect against such threats.
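The advice above boils down to a concrete check a defender can run: compare the browser builds in your fleet against the minimum patched build from the vendor advisory and flag anything older or unreadable. The script below is an added example, not part of the article or Microsoft's guidance. It works on a constructed inventory export (hostname, browser, version string) rather than reading the registry, and the minimum versions in it are placeholders: take the real values for CVE-2024-7971 from Google's and Microsoft's release notes.

```python
"""Flag browser installs that are below a patched minimum build.

Added example, not from the article. Input is an inventory export such as
an endpoint-management CSV; the rows and minimum versions here are constructed.
"""
import re
from typing import Dict, List, Tuple

# Chromium-style versions are purely numeric, dot-separated: '128.0.6613.84'.
VERSION_RE = re.compile(r"^\d+(\.\d+)*$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse a dotted numeric version into a tuple of ints.

    Raises ValueError for anything else ('unknown', '', '128.0.x'), so a
    caller cannot silently treat a bad inventory value as up to date.
    """
    text = text.strip()
    if not VERSION_RE.match(text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def is_at_least(installed: str, minimum: str) -> bool:
    """True when installed >= minimum.

    Shorter tuples are right-padded with zeros so that '128.0' equals
    '128.0.0.0' instead of sorting below it (tuple comparison alone would
    rank (128, 0) < (128, 0, 0, 0)).
    """
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def find_outdated(
    inventory: List[Tuple[str, str, str]],
    minimum_by_browser: Dict[str, str],
) -> List[Tuple[str, str, str, str]]:
    """Return (host, browser, version, reason) for every row that needs attention.

    A browser with no defined minimum and an unparseable version are both
    reported rather than skipped: an unknown state is not a patched state.
    """
    findings = []
    for host, browser, version in inventory:
        minimum = minimum_by_browser.get(browser.lower())
        if minimum is None:
            findings.append((host, browser, version, "no minimum defined for this browser"))
            continue
        try:
            ok = is_at_least(version, minimum)
        except ValueError:
            findings.append((host, browser, version, "unparseable version string"))
            continue
        if not ok:
            findings.append((host, browser, version, f"below patched minimum {minimum}"))
    return findings


# Placeholder minimums (constructed): replace with the builds named in the
# vendor advisories for CVE-2024-7971 for each Chromium-based browser.
MIN_PATCHED = {"chrome": "128.0.0.0", "edge": "128.0.0.0"}

# Constructed inventory rows: (hostname, browser, reported version).
SAMPLE_INVENTORY = [
    ("ws-01", "Chrome", "128.0.0.0"),        # exactly at minimum: compliant
    ("ws-02", "Chrome", "127.0.6533.120"),   # older major: flagged
    ("ws-03", "Edge", "128.1"),              # short form, newer minor: compliant
    ("ws-04", "Edge", "unknown"),            # agent could not read it: flagged
    ("ws-05", "Firefox", "129.0"),           # not a Chromium browser: flagged for review
]

if __name__ == "__main__":
    for host, browser, version, reason in find_outdated(SAMPLE_INVENTORY, MIN_PATCHED):
        print(f"{host}\t{browser}\t{version}\t{reason}")
```

Run it against a real export by replacing `SAMPLE_INVENTORY` with parsed rows from your endpoint-management tool; the zero-padding in `is_at_least` matters because different agents report Chromium versions with two, three or four components.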