North Korean hackers exploit Chrome bug to steal cryptocurrency
What's the story
In a recent cybersecurity breach, a North Korean hacking group known as 'Citrine Sleet' exploited an unknown bug in Chrome-based browsers.
Microsoft's cybersecurity researchers reported on Friday that the hackers' activities were first detected on August 19.
The primary goal of this cyber attack was to target organizations and steal cryptocurrency, further solidifying Citrine Sleet's reputation for targeting the crypto industry.
Technical details
Exploited vulnerability in Chromium core engine
The hackers exploited a vulnerability in the core engine of Chromium, the underlying code for Chrome and other popular browsers like Microsoft's Edge.
This flaw was a zero-day, meaning Google, the software maker, was unaware of the bug and had no time to issue a fix before its exploitation.
According to Microsoft, Google managed to patch this bug two days later on August 21.
Microsoft has also taken steps to notify "targeted and compromised customers" about the cyber attack.
Hacker tactics
Citrine Sleet's modus operandi and targets
Citrine Sleet, based in North Korea, primarily targets financial institutions, particularly those managing cryptocurrency.
As per Microsoft, the group "has conducted extensive reconnaissance of the cryptocurrency industry and individuals associated with it," using social engineering techniques.
They create fake websites posing as legitimate cryptocurrency trading platforms to distribute weaponized applications or lure targets into downloading a malicious cryptocurrency wallet.
Their unique trojan malware, AppleJeus, is used to seize control of the targets' cryptocurrency assets.
System compromise
Hackers can gain complete control of targeted computers
The attack initiated by the North Korean hackers begins with tricking a victim into visiting a web domain under their control.
Exploiting another vulnerability in the Windows kernel, they install a rootkit—a type of malware that has deep access to the operating system—on the target's computer.
Once this is accomplished, the hackers gain complete control over the compromised computer and its data.