- Details of the Attack
- Other Malware Used
- Other North Korean Hacks
A North Korean threat actor that Microsoft tracks as Citrine Sleet exploited a zero-day vulnerability in Chromium, the browser engine behind Google Chrome and Microsoft Edge, to attack cryptocurrency businesses and financial institutions.
Details of the Attack
Citrine Sleet targets financial institutions and cryptocurrency businesses in order to steal digital assets. According to Microsoft, the group builds fake cryptocurrency trading platforms and uses them to lure victims into installing malicious software such as the AppleJeus trojan, which drains crypto wallets. In this campaign the group went further and exploited a browser vulnerability: Microsoft observed the exploitation on August 19 and linked it to the group's ongoing targeting of the crypto industry.

The vulnerability, tracked as CVE-2024-7971, is a type confusion flaw in V8, Chromium's JavaScript and WebAssembly engine. In a type confusion bug the engine treats an object as though it were of a different type, so memory is read and written through the wrong layout; an attacker who controls the JavaScript on a page can turn that into arbitrary code execution. Here it gave the attackers remote code execution inside Chromium's sandboxed renderer process, according to Microsoft. Code running in the renderer is still confined by the sandbox, so reaching the rest of the system requires a separate sandbox escape. Because Chromium is the foundation of Google Chrome, Microsoft Edge and many other browsers, every unpatched Chromium-based browser was exposed. The flaw was a zero-day in the sense that the attackers were exploiting it before a fix existed. Google shipped the fix on August 21; Chromium builds before 128.0.6613.84 are affected.
Other Malware Used
Alongside the exploit for CVE-2024-7971, the attackers deployed a rootkit called FudModule, which tampers with Windows kernel security mechanisms, according to Microsoft. A rootkit of this kind needs kernel-level access, so the browser exploit alone was not enough to install it: the attackers had to escape the renderer sandbox and elevate privileges first. FudModule was previously associated with Diamond Sleet, another North Korean group, and Microsoft says Diamond Sleet has been observed using it since October 2021. The overlap indicates that the same advanced tooling is shared among several North Korean threat actors.
Other North Korean Hacks
On August 15, blockchain investigator ZachXBT uncovered a North Korean scheme in which IT workers posed as cryptocurrency developers to get hired by projects. One such placement resulted in a $1.3 million theft from a project's treasury, and the investigation identified more than 25 compromised crypto projects. The stolen funds were laundered through a series of transactions, including bridging from Solana to Ethereum and depositing into Tornado Cash. The investigation connected the activity to a network of 21 developer personas and traced the funds back to North Korean IT workers.
The crypto sector, already a frequent target of cyber attacks, faces increased risk as these threat actors exploit vulnerabilities in widely used software. Microsoft advised users and organizations to apply updates promptly, keep web browsers current, and enable the protections in Microsoft Defender to guard against such threats. For CVE-2024-7971 in particular, that means confirming that Chrome is at version 128.0.6613.84 or later and that other Chromium-based browsers are on the corresponding fixed build for their own version line.
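A practical way to act on that advice is to run the browser inventory through a version check. The script below is an added example, not code from the article or from Microsoft: it takes a constructed inventory export (hostname, browser, version) and flags every Chrome install that predates the fixed build 128.0.6613.84. The inventory format, the host names and the `audit` and `is_vulnerable` function names are all assumptions made for the example; only the Chrome threshold comes from the advisory. Edge numbers its builds on its own scheme, so no Edge threshold is hard-coded and such hosts are reported as unknown rather than guessed at.

```python
"""Flag hosts whose Chromium-based browser predates the CVE-2024-7971 fix.

Added example. Assumptions not taken from the article: the CSV-like
inventory format below is constructed for the demo, and only the Chrome
threshold is known here. Edge uses its own build numbering, so its
threshold must be taken from Microsoft's Edge release notes and is
deliberately left unset.
"""
from typing import Optional

# First Chromium Stable build carrying the CVE-2024-7971 fix (Google, 21 Aug 2024).
FIXED_VERSIONS = {
    "chrome": "128.0.6613.84",
    # "edge": filled in from Microsoft's release notes; unknown here on purpose
}

# Constructed sample inventory (not real hosts): hostname,browser,version
SAMPLE_INVENTORY = """\
ws-trading-01,chrome,127.0.6533.120
ws-trading-02,chrome,128.0.6613.119
ws-trading-03,chrome,128.0.6613.84
ws-ops-07,edge,128.0.2739.42
ws-ops-08,chrome,128.0.6613.8
"""


def parse_version(v: str) -> tuple[int, ...]:
    """Turn '128.0.6613.84' into (128, 0, 6613, 84) so comparison is numeric.

    Comparing the raw strings is a classic mistake: as strings,
    '128.0.6613.119' sorts *before* '128.0.6613.84' because '1' < '8'.
    """
    return tuple(int(part) for part in v.strip().split("."))


def is_vulnerable(browser: str, version: str) -> Optional[bool]:
    """True if the build predates the fix, False if patched, None if no threshold is known."""
    fixed = FIXED_VERSIONS.get(browser.strip().lower())
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)


def audit(inventory: str) -> dict[str, list[str]]:
    """Bucket each host as 'vulnerable', 'patched' or 'unknown'."""
    result: dict[str, list[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        host, browser, version = (field.strip() for field in line.split(","))
        status = is_vulnerable(browser, version)
        if status is None:
            bucket = "unknown"
        elif status:
            bucket = "vulnerable"
        else:
            bucket = "patched"
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

The "unknown" bucket is the important design choice: a host running a browser whose fixed build you have not looked up is not safe, it is unverified, and the report should say so rather than silently treating it as patched.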