North Korean Hackers Exploited Chrome Zero-Day to Target Fintech, IT, and Media Firms
Google's Threat Analysis Group on Thursday disclosed that it acted to mitigate threats from two distinct government-backed attacker groups based in North Korea that exploited a recently uncovered remote code execution flaw in the Chrome web browser.
The campaigns, once again "reflective of the regime's immediate concerns and priorities," are said to have targeted U.S.-based organizations spanning news media, IT, cryptocurrency, and fintech industries, with one set of the activities sharing direct infrastructure overlaps with previous attacks aimed at security researchers last year.
The usage of phony job listings is a time-tested tactic of the Lazarus group, which, earlier this January, was found impersonating the American global security and aerospace company Lockheed Martin to distribute malware payloads to target individuals seeking jobs in the aerospace and defense industry.
The second activity cluster that's believed to have leveraged the same Chrome zero-day relates to Operation AppleJeus, which compromised at least two legitimate fintech company websites to serve the exploit to no fewer than 85 users.
The exploit kit, according to Google TAG, is fashioned as a multi-stage infection chain that involves embedding the attack code within hidden iframes on both compromised websites and rogue websites under the attackers' control.
The findings come as threat intelligence company Mandiant mapped different Lazarus sub-groups to various government organizations in North Korea, including the Reconnaissance General Bureau, the United Front Department, and the Ministry of State Security.
News URL
https://thehackernews.com/2022/03/north-korean-hackers-exploited-chrome.html