North Korean Hackers Exploit Chrome Zero-Day to Steal Cryptocurrency

A North Korean hacking group recently exploited a previously unknown vulnerability in Chromium-based browsers to target cryptocurrency organizations, successfully stealing digital assets. According to a report by Microsoft, the hackers—identified as part of the group known as Citrine Sleet—first initiated their attack on August 19, 2024.

The attack involved exploiting a zero-day flaw in Chromium, the core engine that powers browsers like Chrome and Microsoft Edge. A zero-day vulnerability is a software flaw that is unknown to the developer—in this case, Google—leaving them with no time to create a patch before the flaw is exploited. Google acted quickly, patching the vulnerability on August 21, just two days after the attack began.

Citrine Sleet, a North Korean state-sponsored group, has a notorious reputation for targeting the financial sector, particularly organizations and individuals involved in cryptocurrency. The group is known for its sophisticated social engineering tactics, including creating fake websites that mimic legitimate cryptocurrency trading platforms. These sites are used to distribute malicious software disguised as job applications or trading tools, ultimately leading to the installation of trojan malware known as AppleJeus. This malware enables the hackers to gain access to and control over the victims’ cryptocurrency assets.

In this particular attack, the hackers lured victims into visiting compromised websites. Once there, they exploited the Chrome zero-day vulnerability and another flaw in the Windows kernel, allowing them to install a rootkit—a type of malware that provides deep access to the operating system—on the victim’s computer. With the rootkit in place, the hackers could take full control of the system, compromising the victim’s data and assets.

North Korean hackers have long targeted the cryptocurrency industry to fund the regime’s activities, including its nuclear weapons program. Between 2017 and 2023, the regime reportedly stole $3 billion worth of cryptocurrency, according to a United Nations Security Council panel.
