Google’s Threat Analysis Group has uncovered that North Korean state hackers tried to exploit a zero-day vulnerability in Google Chrome to gain access to users’ devices. The company has since patched the flaw. In an official blog post, Adam Weidemann, Director of Engineer at Google, stated that the zero-day vulnerability had been exploited since January 4th.
The Zero-Day Vulnerability Was Exploited for Both Intelligence and Financial Details
The post explained in detail how the bug was exploited for both intelligence and financial attacks over a period of weeks. The two groups behind the attacks were codenamed Operation Dream Job and Operation AppleJeus, and targeted “U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries.” The North Korean state hackers exploited a use-after-free bug in Chrome tracked as CVE-2022-0609.
The zero-day vulnerability allows hackers to place malicious code inside vulnerable memory locations, enabling remote code execution. The company has since released a security patch in Chrome version 98.0.4758.102. However, Weidemann asserts that the North Korean state hackers spent the weeks between 4th January and 14th February carrying out several covert attacks in different phases, which helped them hide their tracks.
The North Korean State Hackers Are Probably Working to Boost North Korea’s Government Resources
Weidemann also wrote that the groups were “careful to protect their exploits … [they] deployed multiple safeguards to make it difficult for security teams to recover any of the stages.” The groups are suspected to have been created by the authoritarian regime to carry out operations that would help boost North Korea’s government resources.
Weidemann elaborated on the exploitation of the zero-day vulnerability: “We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operates with a different mission set and deploys different techniques. Other North Korean government-backed attackers may have access to the same exploit kit.”
Source: Android Police