Microsoft has uncovered a sophisticated cyber attack originating from North Korea, specifically targeting the cryptocurrency industry. The threat actor, identified as Citrine Sleet, exploited a zero-day vulnerability in the Chromium browser (CVE-2024-7971) to gain unauthorized access to systems.
This vulnerability, a type confusion flaw in the V8 JavaScript engine, impacted older Chromium versions and enabled remote code execution. Google promptly addressed the issue with a patch released on August 21st. Microsoft urges users to update their Chromium browsers to the latest version to mitigate the risk.
Citrine Sleet, a North Korean state-sponsored group, is known for its focus on financial institutions and individuals involved in cryptocurrency management. The group employs social engineering tactics, including fake websites and job applications, to trick targets into downloading malicious software that ultimately allows it to seize control of cryptocurrency assets.