North Korean hackers exploit Google Chrome vulnerability

Microsoft has disclosed that the North Korean cyber group Citrine Sleet has been exploiting a zero-day vulnerability in Chromium-based browsers, including Google Chrome.

The vulnerability, identified as CVE-2024-7971, is a type confusion flaw in the V8 JavaScript and WebAssembly engine used by Chromium.

This flaw allowed remote code execution (RCE) within the browser's isolated renderer process, enabling attackers to execute malicious code on compromised systems.

Citrine Sleet, also known as Applejeus and Hidden Cobra, is known for targeting the cryptocurrency sector and used sophisticated methods such as fake cryptocurrency websites for their attacks.

The group is associated with Bureau 121, North Korea's cyber espionage unit, and is suspected of sharing tools and infrastructure with another North Korean group, Diamond Sleet, particularly through the Fudmodule rootkit malware.

The exploitation occurred when a target visited a domain, voyagorclub[.]space, which triggered the zero-day exploit, leading to malware installation and escape from the Windows security sandbox.

Microsoft patched the vulnerability on August 13; however, there was no direct evidence linking Citrine Sleet to the initial discovery of the flaw, suggesting it might have been identified by other groups or through shared intelligence.

Microsoft's report highlights the importance of immediate system updates and robust security protocols to protect against such complex cyber threats.

Moreover, users are advised to keep their systems and applications up to date and to apply security patches promptly.

Specifically, users should update their Google Chrome browser to version 128.0.6613.84 or later to mitigate the risk associated with this vulnerability.