Summary:
North Korean hackers exploited a zero-day vulnerability in Chrome to steal cryptocurrency.
Citrine Sleet targets financial institutions and individuals in the crypto industry.
The hackers create fake websites to distribute malicious software.
The malware AppleJeus is used to gather information and take control of crypto assets.
North Korean hackers have stolen $3 billion in crypto since 2017.
North Korean Cyber Attack on Cryptocurrency
A North Korean hacking group known as Citrine Sleet has been exploiting a zero-day vulnerability in Chromium-based browsers to target organizations and steal cryptocurrency. This activity was first detected on August 19, according to a report by Microsoft.
The hackers took advantage of a flaw in the Chromium engine, which underlies popular browsers like Chrome and Microsoft Edge. The vulnerability was unknown to Google at the time of exploitation, allowing the hackers to execute their plans without the company being able to issue a fix. Fortunately, Google patched the flaw just two days later, on August 21.
How the Attack Works
Citrine Sleet is notorious for targeting the cryptocurrency industry. Researchers have noted that this group engages in extensive reconnaissance to compromise financial institutions and individuals involved in crypto. Their methods include creating fake websites that mimic legitimate cryptocurrency trading platforms. They use these sites to distribute malicious job applications or lure victims into downloading weaponized cryptocurrency wallets.
The primary malware used in these attacks is called AppleJeus, which is designed to collect sensitive information that allows hackers to seize control of victims' cryptocurrency assets. The attack typically begins by tricking a victim into visiting a domain controlled by the hackers.
Once the victim is ensnared, another vulnerability in the Windows kernel enables the installation of a rootkit, granting the hackers deep access to the victim's operating system. With this level of access, the attackers can control the compromised computer entirely.
The Bigger Picture
Cryptocurrency has been a lucrative target for North Korean hackers for several years. According to a United Nations Security Council panel, the regime has stolen approximately $3 billion in cryptocurrency from 2017 to 2023. This theft is largely driven by the need to fund the country's nuclear weapons program, especially in light of strict international sanctions against the Kim Jong Un government.