Security News > 2022 > March > North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability
Threat actors from North Korea have been exploiting a vulnerability in Google Chrome to target certain users with remote code, particularly news outlets, software vendors and fintechs in the United States.
On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.
The second threat actor exploiting the CVE-2022-0609 vulnerability has already been known for a previous attack campaign called Operation AppleJeus.
Users have been served the exploit kit either by visiting a legitimate website compromised by the attackers or by being led to fake websites created by the threat actors.
If the Chrome exploit was successful, the additional JavaScript code would launch the next stage, referenced within the script as "SBX," a common acronym for "Sandbox escape." Unfortunately, stages following the initial exploitation of the Chrome exploit could not be recovered by Google's TAG team.
Since the threat consists of an exploit allowing attackers to execute remote code via a vulnerability in Google Chrome, it is advised to deploy the patch as soon as possible, which can be easily done via Group Policy Object.
News URL
Related news
- Google Chrome gets a mind of its own for some security fixes (source)
- Google Chrome Switches to ML-KEM for Post-Quantum Cryptography Defense (source)
- New Google Chrome feature will translate complex pages in real time (source)
- New Octo Android malware version impersonates NordVPN, Google Chrome (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Google fixes ninth Chrome zero-day tagged as exploited this year (source)
- Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild (source)
- Google tags a tenth Chrome zero-day as exploited this year (source)
- Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation (source)
- Google increases Chrome bug bounty rewards up to $250,000 (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |