• Google says it stopped North Korea hacking Chrome

    From TechnologyDaily@1337:1/100 to All on Fri Mar 25 14:15:04 2022
    Google says it stopped North Korea hacking Chrome

    Date:
    Fri, 25 Mar 2022 14:04:25 +0000

    Description:
    Threat actors linked to the North Korean government were targeting media, hosting providers and fintech firms.

    FULL STORY ======================================================================

    Google has confirmed it has patched a serious security vulnerability in its Chrome internet browser which allowed malicious actors to spy on people and potentially take over their devices.

    In a blog post, Adam Weidemann of Google's Threat Analysis Group said the
    flaw was being used in the wild as early as January 4 by two separate cybercrime entities.

    These two groups are known as Operation Dream Job and Operation AppleJeus,
    and both have, allegedly, strong ties to the government of North Korea.

    Cleaning out the clues

    According to Google, the two groups were using the same vulnerability, but their approaches and targets differed. The company says that while Operation Dream Job targeted individuals working at major news organizations, domain registrars, hosting providers, and software vendors, Operation AppleJeus targeted people in the cryptocurrency and fintech businesses.

    Their methods were different, as well. The former assumed the identities of recruiters, sending fake inquiries for vacant job positions at Google,
    Oracle, or Disney, and distributing links to websites that imitated Indeed, ZipRecruiter, or DisneyCareers.

    These sites were loaded with a hidden iframe which would exploit the flaw and allow for remote code execution.

    The latter, on the other hand, did a similar thing by creating fake websites, but it was also compromising legitimate ones and installing the weaponized iframes on them, as well.

    The researchers also say the groups were good at hiding their traces once the job was done. If they succeeded in executing remote code,
    they'd seek to gain further access to the target endpoint, after which they'd try to remove all traces of their existence.

    "Careful to protect their exploits, the attackers deployed multiple
    safeguards to make it difficult for security teams to recover any of the stages," Weidemann writes.

    Google says the attackers would have the iframes appear only at specific times, and that the victims would be getting unique links that expired once activated. Each step of the attack was encrypted with the AES algorithm, and if one of the steps failed, the entire operation would stop.

    The vulnerability was patched on February 14.

    Via: The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/google-says-it-stopped-north-korea-hacking-chrome/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)