According to new data published by Google’s Threat Analysis Group (TAG), two distinct North Korean hacker groups independently used a Chrome browser zero-day bug in organized malware campaigns.
The Chrome vulnerability in question – CVE-2022-0609 – was patched by Google last month, with the company issuing a barebones advisory to warn of zero-day in-the-wild exploitation.
On Thursday, the search giant linked those attacks to North Korea’s government-backed hacking groups, warning that the earliest evidence of attacks dates back to early January of this year.
“We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operates with a different mission set and deploys different techniques. It’s possible that other North Korean government-backed attackers have access to the same exploit kit,” said Google researcher Adam Weidemann.
Weidemann documented his work tracking the APT activity, noting that one campaign targeted more than 250 individuals working for 10 different news media, domain registrars, web hosting providers, and software vendors.
“The targets received emails claiming to come from recruiters at Disney, Google, and Oracle with fake potential job openings. The emails contained links spoofing legitimate job hunting websites like Indeed and ZipRecruiter,” he explained.
Targets clicking on the embedded malicious links fell victim to drive-by browser malware downloads.
Google’s research team found the North Korean teams using an exploit kit with hidden iframes fitted into a variety of websites. The exploit kit is capable of fingerprinting target systems before launching a Chrome remote code execution exploit capable of escaping the vaunted Chrome sandbox.
Google said it was unable to capture any post-exploit activity, noting that the attack teams were very careful to target specific individuals and used technical tricks to filter potential victims.
“Although we recovered a Chrome RCE, we also found evidence where the attackers specifically checked for visitors using Safari on macOS or Firefox (on any OS), and directed them to specific links on known exploitation servers,” Weidemann added.
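The injection pattern described above, hidden iframes planted on otherwise legitimate sites, is something a site owner can check for in captured page source. The following is an added example (not code from Google TAG or from this article) that flags iframes which are both concealed and pointed off-site; the host names in the sample HTML are constructed placeholders.

```python
# Added example (not from Google TAG or the article): flag hidden iframes that
# point off-site in a captured HTML page, the injection pattern described above.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to keep a frame out of view.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                          r"(left|top)\s*:\s*-\d{3,}px", re.I)

class IframeScanner(HTMLParser):
    """Collect every <iframe> start tag with its attributes."""
    def __init__(self):
        super().__init__()
        self.frames = []
    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # valueless attributes (e.g. bare "hidden") arrive as None
            self.frames.append({k.lower(): (v or "") for k, v in attrs})

def _is_tiny(value):
    # width/height of 0 or 1 (optionally "px") is a classic hiding trick
    return value.strip().lower().rstrip("px") in {"0", "1"}

def find_hidden_iframes(html, site_host):
    """Return (src, reasons) for iframes that are hidden AND load off-site."""
    scanner = IframeScanner()
    scanner.feed(html)
    findings = []
    for f in scanner.frames:
        src = f.get("src", "")
        host = urlparse(src).hostname or site_host  # relative src stays on-site
        if host == site_host:
            continue
        reasons = []
        if HIDDEN_STYLE.search(f.get("style", "")):
            reasons.append("hidden-style")
        if _is_tiny(f.get("width", "x")) and _is_tiny(f.get("height", "x")):
            reasons.append("zero-size")
        if f.get("hidden") is not None:
            reasons.append("hidden-attr")
        if reasons:
            findings.append((src, reasons))
    return findings

# Constructed sample page: one legitimate embed, two injected frames.
SAMPLE_HTML = """
<html><body>
<iframe src="https://www.example-news.test/player" width="640" height="360"></iframe>
<iframe src="https://cdn.placeholder-bad.test/x.html" style="display:none"></iframe>
<iframe src="http://198.51.100.10/f" width="0" height="0" hidden></iframe>
</body></html>
"""

if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML, "www.example-news.test"):
        print(src, why)
```

Run it against periodic crawls of your own pages; a new hit is a prompt to review recent content changes and web server integrity, not proof of compromise on its own.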
North Korean hackers have been caught in the past targeting security researchers and using a fake penetration testing company in social engineering campaigns. Threat hunters have also documented North Korean hacking activity targeting cryptocurrency platforms.
The U.S. government has identified North Korea’s government-backed hackers as a significant adversary and has adopted a “beach-and-disunion” security strategy to add cost to their operations.