Hackers allegedly linked to the North Korean government have targeted the cryptocurrency industry using a zero-day vulnerability in the Chromium browser. This sophisticated cyberattack, attributed to a threat actor known as “Citrine Sleet,” was recently revealed by Microsoft in a detailed blog post.
Citrine Sleet is believed to be connected to North Korea’s Reconnaissance General Bureau, a notorious intelligence unit. Microsoft noted that some of the tools employed in this campaign have also been used by other North Korean groups, including one referred to as “Diamond Sleet.”
The vulnerability in question, identified as CVE-2024-7971, was patched by Google last week after Microsoft reported it to them on August 19. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has since added CVE-2024-7971 to its catalog of known exploited vulnerabilities, urging federal civilian agencies to patch the bug by September 16 to protect government systems.
Citrine Sleet’s focus on financial institutions and cryptocurrency firms is particularly concerning. The group has been observed creating networks of fake websites designed to lure victims into downloading malicious software disguised as legitimate crypto wallets or trading applications. These fake sites often present themselves as job recruitment platforms, tricking users into downloading malware through fictitious job applications.
One of the primary tools used in these attacks is a trojan called “AppleJeus,” which Citrine Sleet developed specifically to seize control of targeted cryptocurrency assets. The hackers also used a fake domain, voyagorclub[.]space, potentially referencing a defunct crypto platform, to exploit the CVE-2024-7971 vulnerability. Once the vulnerability is exploited, a strain of malware known as “FudModule” is deployed. Microsoft has observed this malware being used by other North Korean groups since 2021.
In this latest campaign, at least one of the victims had previously been targeted by another North Korean hacking group, which Microsoft ties to a broader strategy by Pyongyang. This strategy involves exploiting vulnerabilities within cryptocurrency firms, gaming companies, and exchanges to generate and launder funds in support of the North Korean regime.
Hacking cryptocurrency platforms has become a critical revenue stream for North Korea, with United Nations investigators estimating that the regime has netted $3 billion from such attacks between 2017 and 2023. This latest wave of attacks underscores the ongoing threat posed by state-sponsored cybercriminals, particularly those backed by North Korea, as they continue to refine their methods and exploit emerging vulnerabilities in the digital financial ecosystem.