Tech giant Microsoft has recently uncovered a troubling security breach involving a North Korean cyber group, Citrine Sleet, which exploited a zero-day vulnerability in Chromium-based browsers, including Google Chrome, to gain remote code execution and steal crypto assets from unsuspecting users. The vulnerability, identified as CVE-2024-7971, allowed attackers to execute malicious code, putting countless systems at risk. The threat actor is believed to have conducted "extensive reconnaissance" of the crypto industry and specialises in targeting institutions or individuals managing digital assets, using the unique trojan malware it developed, AppleJeus. The threat actor has hidden behind many aliases, such as Hidden Cobra, Labyrinth Chollima, UNC4736, and AppleJeus.
Citrine Sleet exploits Zero-Day Vulnerability?
Citrine Sleet, notorious for targeting the cryptocurrency sector for financial gain, leveraged this flaw to conduct sophisticated attacks, using social engineering to lure victims into downloading malicious software that gathers the information needed to seize control of the target's digital assets. The zero-day vulnerability exploited by Citrine Sleet was found in the V8 JavaScript and WebAssembly engine used by Chromium, enabling remote code execution on compromised devices.
Others have also suggested that the group may be sharing tools and infrastructure with another North Korean threat group, Diamond Sleet, particularly through the use of the FudModule rootkit malware.
Citrine Sleet is also referred to by other names, such as AppleJeus and Hidden Cobra, and is linked to Bureau 121, North Korea's cyber espionage unit. The group employs advanced techniques, including setting up fake cryptocurrency sites and sending malicious job offers or cryptocurrency wallets to trick victims.
Microsoft has already patched the issue
Microsoft claims that it had already patched the vulnerability on 13 August. Despite a thorough investigation, there is still no trace of Citrine Sleet's activity, leading the company to suspect that this vulnerability could already be spread far and wide. Another possibility is that the vulnerability is being shared among groups through common intelligence.
This incident is also a stark reminder of the critical importance of keeping your systems up to date. If you use Google Chrome, make sure your browser is updated to version 128.0.6613.84 or later to protect yourself against this kind of threat.
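A practical way to act on that advice across a fleet is to compare each machine's reported Chrome version against the fixed build numerically rather than as a string. The script below is an added example, not Microsoft's or Google's code; the hostnames and version strings in the inventory are constructed sample data.

```python
"""Flag Chromium-based browser installs that predate the build fixing CVE-2024-7971."""
from typing import List, Tuple

# Fixed Chrome stable build named in the article.
FIXED_CHROME_VERSION = "128.0.6613.84"


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted Chromium version such as '128.0.6613.84' into a comparable int tuple."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chromium-style version: {version!r}")
    return tuple(int(p) for p in parts)


def is_patched(installed: str, fixed: str = FIXED_CHROME_VERSION) -> bool:
    """True when the installed build is at or above the fixed build.

    Tuple comparison matters: as plain strings, '9.0.1.1' sorts *after*
    '128.0.6613.84' and would wrongly pass.
    """
    return parse_version(installed) >= parse_version(fixed)


def hosts_needing_update(inventory: List[Tuple[str, str]],
                         fixed: str = FIXED_CHROME_VERSION) -> List[str]:
    """Return hostnames whose recorded version predates the fix or cannot be parsed."""
    flagged = []
    for host, version in inventory:
        try:
            if not is_patched(version, fixed):
                flagged.append(host)
        except ValueError:
            # Unknown or garbled version: treat as unpatched until verified by hand.
            flagged.append(host)
    return flagged


# Constructed sample inventory of (hostname, reported Chrome version); not real data.
SAMPLE_INVENTORY = [
    ("ws-finance-01", "128.0.6613.84"),   # exactly the fixed build
    ("ws-finance-02", "127.0.6533.120"),  # earlier stable branch, unpatched
    ("ws-trading-07", "128.0.6613.120"),  # later build on the fixed branch
    ("ws-trading-09", "9.0.1.1"),         # old build a string compare would miss
    ("ws-ops-03", "unknown"),             # inventory agent returned no version
]

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update Chrome to {FIXED_CHROME_VERSION} or later")
```

The same comparison applies to other Chromium-based browsers once you substitute the vendor's own fixed build number for `FIXED_CHROME_VERSION`.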
Microsoft is also asking users to be cautious of North Korean threat groups like Citrine Sleet and Diamond Sleet, as they continue to use advanced techniques to breach security, particularly targeting the crypto community. Users should also be wary of unsolicited job offers, cryptocurrency wallets, or websites that seem too good to be true.
On top of updating your software regularly, you should also apply security patches immediately. You can also explore comprehensive security solutions that provide visibility across the entire attack chain to detect and block post-compromise activity.