North Korean hackers exploit Chrome bug to steal cryptocurrency
In a recent cybersecurity breach, a North Korean hacking group known as 'Citrine Sleet' exploited a previously unknown bug in Chromium-based browsers. Microsoft's cybersecurity researchers reported on Friday that the hackers' activities were first detected on August 19. The primary goal of the attack was to target organizations and steal cryptocurrency, further solidifying Citrine Sleet's reputation for targeting the crypto industry.
Exploited vulnerability in Chromium core engine
The hackers exploited a vulnerability in the core engine of Chromium, the underlying code for Chrome and other popular browsers such as Microsoft's Edge. The flaw was a zero-day, meaning Google, which maintains the software, did not know about the bug and so had no fix available before it was exploited. According to Microsoft, Google patched the bug two days later, on August 21. Microsoft has also notified "targeted and compromised customers" about the attack.
Citrine Sleet's modus operandi and targets
Citrine Sleet, based in North Korea, primarily targets financial institutions, particularly those managing cryptocurrency. As per Microsoft, the group "has conducted extensive reconnaissance of the cryptocurrency industry and individuals associated with it," using social engineering techniques. It creates fake websites posing as legitimate cryptocurrency trading platforms to distribute weaponized applications or to lure targets into downloading a malicious cryptocurrency wallet. Its signature trojan, AppleJeus, is used to seize control of the targets' cryptocurrency assets.
Hackers can gain complete control of targeted computers
The attack begins by tricking a victim into visiting a web domain the hackers control. They then exploit a second vulnerability, this one in the Windows kernel, to install a rootkit (malware with deep access to the operating system) on the target's computer. Once that is done, the hackers have complete control over the compromised computer and its data.