Microsoft has identified Citrine Sleet, a North Korean threat actor, exploiting the zero-day vulnerability CVE-2024-7971 in Chrome to control cryptocurrency systems remotely.
What happened
On September 3, 2024, Microsoft reported that Citrine Sleet, affiliated with North Korea's Bureau 121, exploits CVE-2024-7971, a zero-day vulnerability in Chrome. The vulnerability allowed these attackers to remotely execute code on compromised systems. Microsoft released a security update on August 21, 2024, patching this zero-day vulnerability.
Furthermore, Microsoft urges users to update their Chrome browser to the latest version, closing the security gap and preventing future attacks.
In the know
North Korean threat actors, including those affiliated with Bureau 121, have a history of using sophisticated malware and zero-day exploits for cyber espionage and financial gain. Specifically, Citrine Sleet uses the FudModule rootkit, a malware known for evading detection to target high-value sectors like cryptocurrency.
In this case, they targeted CVE-2024-7971, a type of confusion vulnerability found in the V8 JavaScript and WebAssembly engine, the core component of Chrome. The vulnerability affects Chrome versions before 128.0.6613.84. Type confusion is when the software mistakenly interprets data as a different type, causing unpredictable behavior.
The attackers used the vulnerability to execute code remotely (RCE) within the sandboxed Chrome renderer process. Although the sandbox is supposed to isolate and limit damages, successful exploits bypass these protections.
What was said
The Microsoft Security Response Center (MSRC) states, “We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain.”
The bottom line
Chrome users must update their browsers to protect them against the CVE-2024-7971 vulnerability. Ultimately, applying these updates and following best practices will help organizations mitigate the risks posed by North Korean threat actors like Citrine Sleet.
Go deeper: Why healthcare is a major target for cyberattacks
FAQs
What is a zero-day vulnerability?
A zero-day vulnerability is a security flaw unknown to the software or system vendor, leaving them with ‘zero days’ to prepare a response. These vulnerabilities can exist in any application, operating system, or connected device.
How does a patch for a vulnerability work?
A patch is a software update released by developers to fix vulnerabilities. It addresses the flaw by modifying or improving the affected code, preventing attackers from exploiting it.
How often should users update their browsers?
Users must enable automatic updates so that they always run the latest version. Regular updates protect users from known cyber vulnerabilities and improve browser performance.
