North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms
Google's Threat Analysis Group on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently uncovered remote code execution flaw in the Chrome web browser.
The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year.
The usage of phony job listings is a time-tested tactic of the Lazarus group, which, earlier this January, was found impersonating the American global security and aerospace company Lockheed Martin to distribute malware payloads to target individuals seeking jobs in the aerospace and defense industry.
The second activity cluster that's believed to have leveraged the same Chrome zero-day relates to Operation AppleJeus, which compromised at least two legitimate fintech company websites to serve the exploit to no fewer than 85 users.
The exploit kit, according to Google TAG, is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden iframes on both compromised websites and rogue websites under the attackers' control.
The findings come as threat intelligence company Mandiant mapped different Lazarus sub-groups to various government organizations in North Korea, including the Reconnaissance General Bureau, the United Front Department, and the Ministry of State Security.
News URL
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html