North Korean Hackers Exploit Chromium Browser Zero-Day Vulnerability (CVE-2024-7971) to Steal Cryptocurrencies
Overview of the Google Chrome Vulnerability
A North Korean hacking group, widely recognized under the alias Citrine Sleet, has successfully exploited a zero-day vulnerability in Google Chrome, identified as CVE-2024-7971. Microsoft security researchers revealed that this flaw, discovered on August 19, 2024, allows malicious actors to execute remote code within Chromium-based browsers.
Details of the Exploit
The vulnerability was leveraged to conduct targeted attacks against cryptocurrency organizations. Victims were directed to a malicious domain, voyagorclub[.]space, which likely utilized social engineering tactics to lure potential targets.
Attack Methodology
- Upon connecting to the malicious domain, the Chrome exploit was delivered.
- This was followed by a subsequent exploit aimed at the Windows kernel, CVE-2024-38106, enabling hackers to bypass browser protections.
- Ultimately, a rootkit named FudModule was deployed to gain deeper access.
Citrine Sleet's History and Tactics
Known for a series of attacks targeting the cryptocurrency sector, Citrine Sleet, also referred to as AppleJeus and Labyrinth Chollima, utilizes various methods such as fake websites and trojanized crypto applications.
Implications for the Cryptocurrency Sector
Google has confirmed that the vulnerability was patched by August 21, 2024, but the incident underscores the ongoing cyber risks faced by cryptocurrency firms. The growing sophistication of such attacks calls for heightened vigilance and stronger security measures among crypto-related organizations.
This article was prepared using information from open sources in accordance with the principles of Ethical Policy. The editorial team is not responsible for absolute accuracy, as it relies on data from the sources referenced.