A North Korean gang took advantage of a previously unknown bug in Chrome to target organizations and steal their cryptocurrency, a team of Microsoft researchers revealed in a report.
According to the report published on Friday, Microsoft’s cybersecurity researchers first learned of the hackers’ misdemeanors on August 19. The report further states that the gang was affiliated to Citrine Sleet, which is known for targeting the crypto industry and financial service providers in general.
The hackers took advantage of flaws in browsers
This comes as cryptocurrency has become a hot target for North Korean government hackers for years, with the UN Security Council estimating that $3 billion in crypto was stolen between 2017 and 2023, according to a TechCrunch article.
According to the Microsoft researchers, the gang of hackers took advantage of a vulnerability in a core engine within Chromium, which is the underlying code for Chrome and other popular browsers like Microsoft’s Edge.
The report further explains that when the hackers exploited the flaws in the browsers, it was zero-day, which means that Google as the software maker was not aware of the bug. According to a TechCrunch article, the team then had zero time to issue a fix before the bug ‘s exploitation.
Google fixed the bug two days later on the 21st of August, as per the researchers’ explanations.
According to TechCrunch , Google spokesperson Scott Westover said the tech giant had fixed the bug, but without giving further details.
Peers, Microsoft revealed it had notified “targeted and compromised customers” although it could not provide more information on the set target, nor how many targets and victims were targeted by this “hacking spree.”
Its spokesperson Chris Williams refused to divulge the number of organizations affected by this malpractice.
North Korean gang targets financial services
According to the researchers, Citrine Sleet is based in North Korea and mostly targets financial services providers and individuals who manage cryptocurrency for profit and the group “has conducted extensive reconnaissance of the cryptocurrency industry and individuals associated with it” as part of its social engineering techniques.
“The threat actor creates fake websites masquerading as legitimate cryptocurrency trading platforms and uses them to distribute fake job applications or lure targets into downloading a weaponized cryptocurrency wallet or trading application based on legitimate applications,” reads part of the report.
“Citrine Sleet most commonly infects targets with the unique trojan malware it developed, AppleJeus, which collects information necessary to seize control of the targets’ cryptocurrency assets.”
Microsoft Report.
As for the North Korean hackers, the researchers revealed that they started off by tricking a victim to visit a web domain under their control. The report further explains that due to another vulnerability in the Windows Kernel, the hackers managed to install malware with deep access to the operating system on the victim’s device. The hackers gained total control of the victim’s data and device.
According to TechCrunch, due to tight international sanctions, the regime in North Korea has turned to illicit crypto activities to fund its nuclear weapons.
