August 30th, 2024

North Korean hackers exploited Chrome zero-day to steal crypto

A North Korean hacking group, Citrine Sleet, exploited a Chrome vulnerability for cryptocurrency theft, using social engineering and the AppleJeus trojan malware; the group's reported thefts total $3 billion since 2017.


A North Korean hacking group, known as Citrine Sleet, exploited a zero-day vulnerability in Chromium-based browsers to target organizations for cryptocurrency theft. Microsoft reported that the hackers began exploiting the flaw on August 19, 2024. The bug lies in the Chromium engine, which underlies Chrome and other browsers such as Microsoft Edge. The vulnerability was unknown to Google until it was exploited, and a patch was issued two days later. Citrine Sleet is known for targeting the cryptocurrency sector, employing social engineering tactics to lure victims to fake websites that mimic legitimate trading platforms. The group uses a trojan malware called AppleJeus to gain control over victims' cryptocurrency assets. The attack typically starts with tricking a victim into visiting a malicious domain; the browser exploit is then chained with a separate vulnerability in the Windows kernel to install a rootkit, granting the hackers deep access to the victim's system. This incident highlights the ongoing threat posed by North Korean hackers, who reportedly stole around $3 billion in cryptocurrency from 2017 to 2023 to fund their nuclear weapons program amid international sanctions.

- North Korean hackers exploited a zero-day vulnerability in Chrome to steal cryptocurrency.

- The hacking group Citrine Sleet primarily targets the crypto industry using social engineering tactics.

- Microsoft confirmed the exploitation began on August 19, 2024, and a patch was issued by Google shortly after.

- The group uses trojan malware, AppleJeus, to gain control over victims' cryptocurrency assets.

- North Korean hackers have stolen approximately $3 billion in crypto to fund their nuclear program.

3 comments
By @mrinfinitiesx - 6 months
Meanwhile, as I browse the web in Firefox... I suggest addons from: https://github.com/tycrek/degoogle
By @cedws - 6 months
Wonder how the Chromium team learned of it. Maybe Google has a web crawler specifically for detecting zero days.
By @sylware - 6 months
And right now they are exploiting another zero-day we'll know about later.

You know, work as usual...