North Korean hackers target crypto institutions via Chromium browser

North Korean hackers, known as Citrine Sleet, have exploited a critical vulnerability in the Chromium browser to attack cryptocurrency financial institutions.

The Citrine Sleet group targeted financial institutions and cryptocurrency entities to steal digital assets. By creating fake cryptocurrency exchanges, the North Korean hackers tricked victims into downloading malware, such as the AppleJeus Trojan, which drains crypto funds, according to Microsoft.

The flaw allowed attackers to execute code remotely, giving them control over affected systems. Microsoft identified the attack on August 19, and it has been linked to efforts targeting the crypto industry.

The vulnerability, tracked as CVE-2024-7971, was a type confusion bug in Chromium’s V8 JavaScript engine that allowed attackers to bypass browser security and execute code inside the browser’s sandbox, according to Microsoft.

In other words, Chromium, the browser engine that forms the basis for browsers such as Google Chrome and Microsoft Edge, had a critical vulnerability. The attackers discovered it before its developers did, making it a zero-day, and used it for malicious purposes, in particular against cryptocurrency financial institutions.

Google addressed this vulnerability two days after the attack by releasing a patch for it on August 21.

Other malware

Along with CVE-2024-7971, the hackers deployed a malware called the “FudModule” rootkit, which was designed to manipulate Windows security measures, according to Microsoft.

This rootkit has previously been linked to Diamond Sleet, another North Korean group, suggesting that the same advanced tools are being shared among various North Korean threat actors.

Microsoft said that Diamond Sleet has been spotted using FudModule since October 2021.

Other North Korean Hacks

On August 15, cybersecurity expert ZachXBT uncovered a sophisticated North Korean scheme involving IT workers posing as cryptocurrency developers. The operation resulted in the theft of $1.3 million from a project’s vault and exposed more than 25 cryptocurrency projects that had been compromised.

The stolen funds were laundered through multiple transactions, including staking them from Solana to Ethereum and depositing them into Tornado Cash. Investigations linked these activities to a network of 21 developers and traced the funds back to IT workers in North Korea.

Cryptocurrency Hacks

The crypto industry, already a frequent target of cyberattacks, faces increasing risks as these sophisticated actors exploit vulnerabilities in widely used software. Microsoft advises users and organizations to update their systems immediately, use secure and up-to-date web browsers, and enable advanced security features such as Microsoft Defender to protect against such threats.
