North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms

Google's Threat Analysis Group on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently uncovered remote code execution flaw in the Chrome web browser.
The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year.
The usage of phony job listings is a time-tested tactic of the Lazarus group, which, earlier this January, was found impersonating the American global security and aerospace company Lockheed Martin to distribute malware payloads to target individuals seeking jobs in the aerospace and defense industry.
The second activity cluster that's believed to have leveraged the same Chrome zero-day relates to Operation AppleJeus, which compromised at least two legitimate fintech company websites to serve the exploit to no fewer than 85 users.
The exploit kit, according to Google TAG, is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden internet frames on both compromised websites and rogue websites under the attackers' control.
The findings come as threat intelligence company Mandiant mapped different Lazarus sub-groups to various government organizations in North Korea, including the Reconnaissance General Bureau, the United Front Department, and the Ministry of State Security.
News URL
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html