North Korean threat actors target news outlets and fintechs with a Google Chrome vulnerability

Threat actors from North Korea have been exploiting a remote code execution vulnerability in Google Chrome to target certain users, particularly news outlets, software vendors and fintechs in the United States.
On Feb. 10, Google's TAG team discovered two distinct threat actors using that vulnerability to target U.S.-based organizations spanning news media, IT, cryptocurrency and fintech industries.
The second threat actor exploiting the CVE-2022-0609 vulnerability is already known for a previous attack campaign called Operation AppleJeus.
Users have been served the exploit kit either by visiting a legitimate website compromised by the attackers or by being led to fake websites created by the threat actors.
If the Chrome exploit was successful, the additional JavaScript code would launch the next stage, referenced within the script as "SBX," a common acronym for "Sandbox escape." Unfortunately, the stages following the initial Chrome exploit could not be recovered by Google's TAG team.
Because the exploit allows attackers to execute code remotely via a vulnerability in Google Chrome, it is advised to deploy the patch as soon as possible, which can easily be done via Group Policy Object.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-05 | CVE-2022-0609 | Use After Free vulnerability in Google Chrome: Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |