Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

Microsoft's threat intelligence team has linked North Korean hackers to the exploitation of a Chrome zero-day flaw in the Chromium V8 engine, in attacks targeting the cryptocurrency sector for financial gain. The vulnerability, CVE-2024-7971, was actively exploited and marked as the seventh Chrome zero-day attack this year. The exploitation is attributed to an actor called 'Citrine Sleet', also known as AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra. The attacks directed victims to malicious domains serving remote code execution exploits and deployed the FudModule rootkit, which is associated with North Korean APT actors, particularly targeting financial institutions and cryptocurrency managers.
