Microsoft cybersecurity researchers have identified a zero-day vulnerability in Chromium, the engine that powers the Chrome web browser, exploited by the North Korean hacker group Citrine Sleet. The vulnerability was patched on Aug. 21, making it crucial for users to update their browsers.
Third Zero-day Vulnerability of the Year
Microsoft has notified targeted customers but did not specify their number. This was the third exploited zero-day vulnerability patched in Chromium this year. Google, the owner of the Chromium engine, patched the vulnerability two days after it was reported.
Hackers Used Social Engineering Tactics
The hacker group used FudModule rootkit malware to gain remote code execution, employing sophisticated social engineering tactics. For instance, they created fake websites that appeared to be legitimate cryptocurrency trading platforms, distributed fake job applications, or lured targets into downloading weaponized cryptocurrency wallets or trading applications.
Hackers Trod a Familiar Path
Citrine Sleet was first spotted in December 2022, when Microsoft dubbed it DEV-0139. The hackers created fake identities on Telegram, posing as employees of the OKX cryptocurrency exchange, and sent targets an Excel document containing accurate information on various exchanges' fee structures along with a malicious file that created a backdoor into the target's computer.
Citrine Sleet, also known as Chollima, continues to pose a threat to the cryptocurrency sector. Experts urge users to update their browsers to protect against such attacks.