August 30, 2024 at 04:51PM
Microsoft’s threat intelligence team identified a North Korean hacking team exploiting a Chrome vulnerability, marked as actively exploited. The flaw, CVE-2024-7971, was used for targeting the cryptocurrency sector for financial gain. The hacker group, known as ‘Citrine Sleet,’ has been linked to North Korea’s Reconnaissance General Bureau, and was observed deploying a rootkit during the attacks.
Based on the meeting notes, it is clear that Microsoft’s threat intelligence team has attributed a recent exploitation of a Chrome remote code execution flaw, patched by Google, to a known North Korean threat actor. The vulnerability, tracked as CVE-2024-7971, was actively exploited and the attacks were assessed with high confidence to be targeting the cryptocurrency sector for financial gain. The attacks were attributed to an actor called ‘Citrine Sleet’ and were linked to the North Korean government’s Reconnaissance General Bureau. This is the seventh Chrome zero-day exploited in attacks so far this year. The attackers deployed the FudModule rootkit, previously used by a different North Korean APT actor, and directed victims to a booby-trapped domain serving remote code execution browser exploits. These are the key takeaways from the provided meeting notes.