2 N.Korean govt-backed hackers exploited Chrome bug: Google


New Delhi, Mar 27 (IANS): Google has discovered that North Korean government-backed hackers are targeting news media, IT, cryptocurrency and fintech industries in the US and globally.

The Google Threat Analysis Group (TAG) found that two distinct North Korean government-backed attacker groups were exploiting a remote code execution vulnerability in Chrome browser.

"We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques," the company said in a blog post.

It is possible that other North Korean government-backed attackers have access to the same exploit kit, it added.

One campaign, consistent with 'Operation Dream Job', targeted over 250 individuals working for 10 different news media, domain registrars, web hosting providers and software vendors.

The targets received emails claiming to come from recruiters at Disney, Google and Oracle with fake potential job opportunities.

The emails contained links spoofing legitimate job hunting websites like Indeed and ZipRecruiter.

"Victims who clicked on the links would be served a hidden iframe that would trigger the exploit kit," said Google.

Another North Korean group, whose activity has been publicly tracked as 'Operation AppleJeus', targeted over 85 users in cryptocurrency and fintech industries leveraging the same exploit kit.A

This included compromising at least two legitimate fintech company websites and hosting hidden iframes to serve the exploit kit to visitors.

"In other cases, we observed fake websites -- already set up to distribute trojanised cryptocurrency applications -- hosting iframes and pointing their visitors to the exploit kit," Google informed.

Upon discovery, all identified websites and domains were added to 'Safe Browsing' to protect users from further exploitation.

"We also sent all targeted Gmail and Workspace users government-backed attacker alerts notifying them of the activity," said Google.

 

  

Top Stories


Leave a Comment

Title: 2 N.Korean govt-backed hackers exploited Chrome bug: Google



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.