- CVE-2024-7971 vulnerability found in all Chromium-based browsers
- It allows remote execution of malicious code on endpoint devices
- It compromises the security of millions of users
- North Korean Citrine Sleet is behind it
North Korean cyber group Citrine Sleet has successfully exploited a zero-day vulnerability in Chromium-based browsers, including Google Chrome.
The vulnerability, known as CVE-2024-7971, impacts the general cyber security posture of millions of users and also the crypto sector.
Vulnerability and Attack Details
The CVE-2024-7971 vulnerability is related to a type confusion flaw in the V8 Javascript and WebAssembly engine used by Chromium and allowed attackers to bypass the isolated browser rendering process and execute malicious code on endpoint devices.
Microsoft Threat Intelligence and the Microsoft Security Response Center (MSRC), who reported about security incident, commented it:
“Our ongoing analysis and observed infrastructure lead us to attribute this activity with medium confidence to Citrine Sleet.”
Citrine Sleet, also known as Applejeus and Hidden Cobra, is affiliated with Bureau 121, North Korea’s cyber espionage unit. The group actively uses fake cryptocurrency resources like fake crypto websites and sends out fake job offers, also uses crypto wallets to accomplish its goals. They may share tools and infrastructure with another North Korean threat group, Diamond Sleet. Specifically, their activities include the use of the Fudmodule rootkit malware.
One of the previously detected incidents, where a victim connected to the voyagorclub[.]space domain used a zero-day exploit to download malware and bypass the Windows security sandbox. Microsoft discovered and fixed the vulnerability on August 13, but there is no clear evidence that Citrine Sleet was behind the exploit, so only two scenarios are possible here – the vulnerability was discovered by different groups at the same time or was used as part of a common intelligence operation.
Security Recommendations from Microsoft
Microsoft emphasized the importance of regularly updating systems and applying the latest security patches, with additional use of advanced security solutions.
“Zero-day exploits necessitate not only keeping systems up to date but also security solutions that provide unified visibility across the cyberattack chain to detect and block post-compromise attacker tools and malicious activity following exploitation.”
Namely, to be protected from CVE-2024-7971 vulnerability, users have to:
- Update operating systems and applications to the latest versions with the latest security patches
- Make sure their Google Chrome (or Chromium-based like Brave) browser is updated to version 128.0.6613.84 or later
- Implement advanced security solutions, like using Firewalls and VPNs
Conclusion
Another day from the world of cybersecurity brings another threat, and it should be noted that the last few years have only seen an increase.
The number and sophistication of attacks grow exponentially, and they are now sponsored by entire nations. The crypto sector as the only one capable of providing true anonymity (with some knowledge and effort) is beginning to be misused.
Be careful with your devices, as the security of your assets depends on the security of their systems. Always keep your systems and applications up to date and check all your online activities.