North Korean hackers exploit Chrome zero-day weeks before patch

North Korean state hackers exploited a zero-day remote code execution vulnerability in the Google Chrome web browser for more than a month before a patch became available, in attacks targeting news media, IT companies, cryptocurrency, and fintech organizations.
Google's Threat Analysis Group attributed two campaigns exploiting the recently patched CVE-2022-0609 to two separate attacker groups backed by the North Korean government.
Google TAG discovered the campaigns on February 10 and addressed the vulnerability in an emergency Google Chrome update four days later.
Google TAG notes that this activity is consistent with Operation Dream Job, a North Korean cyberespionage campaign detailed by researchers at ClearSky in August 2020.
"This included compromising at least two legitimate fintech company websites and hosting hidden iframes to serve the exploit kit to visitors. In other cases, we observed fake websites - already set up to distribute trojanized cryptocurrency applications - hosting iframes and pointing their visitors to the exploit kit" - Google TAG. Just like with the previous campaign, this group also registered new domains and compromised a couple of legitimate ones.
The researchers found evidence that the North Korean hackers were not interested only in Google Chrome users: they also checked for users of Safari on macOS and Firefox, directing them "to specific links on known exploitation servers."
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome: Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |