
Microsoft Uncovers North Korean Exploit of Google Chrome Used to Steal Cryptocurrency

North Korean hackers exploited a Chrome vulnerability to steal cryptocurrency. Citrine Sleet targeted financial institutions and cryptocurrency firms.


A North Korean hacker group called Citrine Sleet has been using an undisclosed vulnerability in Google's Chrome browser to pilfer cryptocurrency. According to Microsoft's team, these breaches, which commenced on August 19, have been aimed at financial institutions and cryptocurrency-related targets.

Issue in Chromium Core Engine

The uncovered flaw resides in the core engine of Chromium, the framework behind browsers like Chrome and Microsoft Edge. The zero-day vulnerability, initially undetected, was exploited by the group until Google issued a patch on August 21, spokesperson Scott Westover told TechCrunch.

The group utilizes sophisticated techniques such as social engineering and malware. Microsoft says the group creates counterfeit websites resembling genuine cryptocurrency trading platforms to bait victims. Once these sites are accessed, another vulnerability in the Windows kernel is exploited to deploy a rootkit, providing extensive system access.

Malware and Data Extraction

The rootkit ensures ongoing access to the compromised machines, complicating detection and removal processes. Citrine Sleet employs custom trojan malware dubbed AppleJeus to extract information necessary for taking control of cryptocurrency assets. The malware is often disguised within fake job applications or tainted cryptocurrency wallets and trading applications.

As per the United Nations Security Council, North Korea has illicitly obtained $3 billion in cryptocurrency from 2017 to 2023. Facing stringent international sanctions, the regime resorts to cyber theft to support its nuclear weapons project. The Chrome zero-day exploitation underscores the persistent risks posed by state-sponsored hacking entities to global financial stability and the cryptocurrency sector.

Microsoft's Actions

Microsoft has informed impacted customers but has not revealed the number of entities targeted or compromised. The report highlights the necessity for enhanced threat detection systems, given that traditional antivirus programs may not detect the rootkit used in these breaches.

Google quickly addressed the zero-day vulnerability by issuing a patch on August 21. The quick response highlights the critical importance of applying security patches promptly to maintain robust cybersecurity.

Source: Microsoft
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.