Security News > 2022 > March > North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability

Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States.

On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.

The second threat actor exploiting the CVE-2022-0609 vulnerability has already been known for a previous attack campaign called Operation AppleJeus.

Users have been served the exploit kit either by visiting a legitimate website compromised by the attackers or by being led to fake websites created by the threat actors.

If the Chrome exploit was successful, the additional JavaScript code would launch the next stage, referenced within the script as "SBX," a common acronym for "Sandbox escape." Unfortunately, stages following the initial exploitation of the Chrome exploit could not be recovered by Google's TAG team.

Since the threat consists of an exploit allowing attackers to execute remote code via a vulnerability in Google Chrome, it is advised to deploy the patch as soon as possible, which can be easily done via Group Policy Object.

News URL

https://www.techrepublic.com/article/north-korean-threat-actors-target-news-outlets-fintechs-google-chrome-vulnerability/