In a recent revelation, Microsoft cybersecurity researchers have uncovered a critical zero-day vulnerability within Chromium, the engine that powers Chrome and other browsers. This vulnerability, identified as being exploited by the North Korean hacker group known as Citrine Sleet, was patched on August 21, 2024. The urgent message for users: update your browsers immediately to safeguard against potential threats.
Citrine Sleet – A Notorious Cyber Adversary
Microsoft’s researchers have attributed the exploit to Citrine Sleet, a group with a well-established reputation for targeting the cryptocurrency sector. Attributed with “medium confidence,” Citrine Sleet is also known for developing the AppleJeus trojan malware, a tool that has drawn attention in the cybersecurity community because of its use by the infamous Lazarus Group. This exploit marks the third zero-day vulnerability discovered and patched in Chromium this year, underscoring an alarming trend in browser security.
Sophisticated Attack Tactics
The vulnerability, patched by Google two days after it was reported, allowed attackers to deploy the FudModule rootkit malware, which facilitated remote code execution. Using advanced social engineering techniques, Citrine Sleet tricked targets into executing a malicious payload. Once a system was compromised, the group often installed AppleJeus, a trojan designed to steal cryptocurrency assets from victims.
A Pattern of Deception
Citrine Sleet’s modus operandi has been consistent with their previous activities. First observed in December 2022, when Microsoft assigned it the designation DEV-0139, the group initially deceived targets by creating fake identities on Telegram. Posing as employees of the OKX cryptocurrency exchange, they enticed targets to open an Excel document containing both accurate exchange fee information and a hidden backdoor.
The group’s deceptive tactics have also been noted under the name Chollima by Kaspersky Labs, which discovered their infiltration of the 3CX softphone app. This incident, coupled with their exploitation of AppleJeus, further highlights Citrine Sleet’s focus on cryptocurrency investment startups.
With Chrome versions prior to 128.0.6613.84 vulnerable to this attack, it’s crucial for users to update their browsers to the latest version. This proactive step will help mitigate the risk posed by Citrine Sleet and other malicious actors aiming to exploit browser vulnerabilities.
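As an added example (not part of the original article), a small Python check that compares reported Chrome or Chromium builds against the fixed version 128.0.6613.84 named above. The inventory is constructed sample data; comparing builds as integer tuples avoids the string-comparison trap in which a build such as 128.0.6613.9 would sort above 128.0.6613.84.

```python
import re
from typing import Optional

# Fixed Chrome/Chromium build named in the article; builds below it are affected.
FIXED_VERSION = "128.0.6613.84"

_VERSION_RE = re.compile(r"(\d+(?:\.\d+){3})")


def parse_version(text: str) -> Optional[tuple]:
    """Extract a four-part Chrome version from text such as the output of
    'google-chrome --version' ("Google Chrome 128.0.6613.84") and return it
    as a tuple of ints so it compares numerically, not lexicographically."""
    match = _VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the reported build is at or above the fixed build."""
    found = parse_version(version_text)
    if found is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    return found >= parse_version(fixed)


def hosts_needing_update(inventory: dict) -> list:
    """Return hosts whose reported build is below the fixed build, sorted by
    name. Entries with no parseable version are reported too, because an
    unknown version cannot be assumed safe."""
    stale = []
    for host, version_text in inventory.items():
        if parse_version(version_text) is None or not is_patched(version_text):
            stale.append(host)
    return sorted(stale)


# Constructed sample inventory: hostname -> output of 'google-chrome --version'
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 128.0.6613.84",   # exactly the fixed build
    "ws-02": "Google Chrome 127.0.6533.120",  # older major version
    "ws-03": "Google Chrome 128.0.6613.9",    # string compare would wrongly call this newer
    "ws-04": "Chromium 129.0.6668.58",        # newer build, not affected
    "ws-05": "command not found",             # browser missing or unreadable
}

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```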
As the cybersecurity landscape continues to evolve, staying informed and vigilant remains key. Microsoft’s identification of Citrine Sleet serves as a reminder of the persistent threat posed by sophisticated hacking groups and the importance of timely updates in safeguarding digital assets.