Dual North Korean hacking efforts found attacking Google Chrome vulnerability

Mar 24, 2022 | CYBERSCOOP

Two distinct sets of North Korean hackers were exploiting the same remote code execution vulnerability in the Chrome web browser — one targeting news media and IT companies, the other aimed at cryptocurrency and fintech organizations — Google’s Threat Analysis Group announced Thursday.

The vulnerability, which was patched on Feb. 14, would have allowed the hackers to deliver malware packages in hidden iframes, both on websites they owned and on websites they’d compromised. The two groups had different aims and used different techniques, but they used the same exploit kit, meaning they likely worked for the same entity with a shared supply chain, according to Adam Weidemann of the Threat Analysis Group, which published the findings on the group’s blog.

In one of the campaigns, Google researchers saw the hackers make multiple attempts to use the exploit after the Feb. 14 patch, “which stresses the importance of applying security updates as they become available,” Weidemann wrote.

The campaign targeting unnamed news media and IT companies went after more than 250 people working for more than 10 different news media, domain registrars, web hosting providers and software vendors, Weidemann wrote.

Read More: https://www.cyberscoop.com/north-korea-hackers-google-dream-job/