Recently, Microsoft issued a warning regarding a zero-day exploit targeting the code base of Google Chrome. This attack has been orchestrated by a North Korean hacking group known as Citrine Sleet. The exploit, identified as CVE-2024-7971, allowed the hackers to execute remote code on vulnerable systems.
Users of Chrome who were targeted and compromised by this attack have been notified by Microsoft. The tech giant, however, did not disclose the exact number of users affected out of Chrome's 3 billion user base.
The North Korean group, Citrine Sleet, is notorious for targeting financial institutions and individuals involved in cryptocurrency. They have been using a trojan malware named AppleJeus to gather information necessary for seizing control of victims' digital assets.
Google promptly patched the vulnerability on August 21, following Microsoft's alert. Users who have not yet implemented the fixes are strongly advised to do so immediately to safeguard their systems.
According to Microsoft researchers, Citrine Sleet employs social engineering tactics, such as creating fake cryptocurrency trading platforms, to deceive individuals into downloading malicious software. This group has reportedly stolen an estimated $3 billion worth of cryptocurrency between 2017 and 2023.
The United Nations Security Council study has labeled North Korea as the world's most prolific cyber-thief, attributing up to 50% of the country's foreign currency income to cyber attacks. These illicit activities are believed to fund North Korea's weapons programs.
It is crucial for users to remain vigilant and ensure their systems are up to date with the latest security patches to mitigate the risks posed by such sophisticated cyber threats.
