Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February.
North Korean threat actors exploited a remote code execution (RCE) zero-day vulnerability in Google’s Chrome web browser weeks before the bug was discovered and patched, according to researchers.
Google's Threat Analysis Group (TAG) discovered the flaw, tracked as CVE-2022-0609, on Feb. 10, and reported and patched it four days later as part of a Chrome update. Researchers said at the time that an exploit for the flaw, a use-after-free vulnerability in Chrome's animation component, already existed in the wild.
Google TAG has now revealed that it believes two threat groups, whose activity has been publicly tracked as Operation Dream Job and Operation AppleJeus, respectively, exploited the flaw as early as Jan. 4 in "campaigns targeting U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries," according to a blog post published Thursday by Google TAG's Adam Weidemann. Other organizations and countries also may have been targeted, he said.
“One of the campaigns has direct infrastructure overlap with a campaign targeting security researchers which we reported on last year,” he wrote. In that