North Korean Govt-Backed Hackers Exploited Chrome Bug: Google

By U Cast Studios
March 28, 2022

North Korean Govt-Backed Hackers Exploited Chrome Bug: Google
Image Courtesy Of Pixabay And Insider Report

Google has discovered that hackers backed by the North Korean government are targeting the news media, IT, cryptocurrency, and fintech industries in the United States and around the world.

This article was written by Brendan Taylor and published by Insider Paper.

The Google Threat Analysis Group (TAG) discovered that two distinct North Korean government-backed attacker groups were attempting to exploit a remote code execution vulnerability in the Chrome browser.

“We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques,” the company said in a blog post.

It’s possible that other North Korean government-backed attackers have access to the same exploit kit, according to the report.

In keeping with ‘Operation Dream Job,’ one campaign targeted over 250 people working for ten different news organisations, domain registrars, web hosting providers, and software vendors.

The targets received emails purporting to be from recruiters at Disney, Google, and Oracle, containing bogus job opportunities.

The emails contained links to bogus job-search websites such as Indeed and ZipRecruiter.

“Victims who clicked on the links would be served a hidden iframe that would trigger the exploit kit,” said Google.

Another North Korean group, dubbed ‘Operation AppleJeus,’ used the same exploit kit to target over 85 users in the cryptocurrency and fintech industries. A

At least two legitimate fintech company websites were compromised, and hidden iframes were hosted to serve the exploit kit to visitors.

“In other cases, we observed fake websites — already set up to distribute trojanised cryptocurrency applications — hosting iframes and pointing their visitors to the exploit kit,” Google informed.

All identified websites and domains were added to ‘Safe Browsing’ upon discovery to protect users from further exploitation.

“We also sent all targeted Gmail and Workspace users government-backed attacker alerts notifying them of the activity,” said Google.

Subscribe to U Cast Studios

Something went wrong. Please check your entries and try again.

Read the Latest

I Read It on the Internet

I Read It on the Internet

Read the Latest

Subscribe to Cast Studios

  • This field is for validation purposes and should be left unchanged.

THE INTROSPECKTIVE PODCAST