North Korean hackers took advantage of a zero-day vulnerability in Chrome to steal cryptocurrency

A hacker group took advantage of a zero-day vulnerability in Google Chrome to steal cryptocurrency, Microsoft said Friday. According to the company, it can be said with a high degree of certainty that this is the work of a group from North Korea, most likely Citrine Sleet, targeting the cryptocurrency sector for financial gain.

Image source: TheDigitalWay/Pixabay

We are talking about a type confusion vulnerability in the V8 JavaScript and WebAssembly engine, affecting Chromium versions up to 128.0.6613.84 and received the identifier CVE-2024-7971. Microsoft discovered evidence of hacker activity on August 19, and two days later Google released a browser update that fixed the bug. As Microsoft noted, CVE-2024-7971 is the third exploitable type confusion vulnerability to be patched in the V8 engine this year, following CVE-2024-4947 and CVE-2024-5274.

The company also said it notified “targeted and compromised customers,” providing them with critical information to protect their systems, although it did not disclose who was the victim of the hacking campaign. The hacker group, which Microsoft tracks as Citrine Sleet, is based in North Korea and primarily targets financial institutions, particularly organizations and individuals operating in the cryptocurrency market.

The group uses social engineering tactics, creating fake websites masquerading as legitimate cryptocurrency trading platforms and using them to distribute fake job advertisements or offers to download a cryptocurrency wallet or trading application based on official applications. Citrine Sleet uses its own proprietary AppleJeus Trojan program for attacks, which collects information necessary to seize control of the cryptocurrency assets of potential victims.