Two North Korean hacking groups used a Google Chrome zero-day attack to target cryptocurrency firms and job seekers, but the search engine giant’s threat research team was able to stop them.
Adam Weidemann of Google’s Threat Analysis Group (TAG) wrote in a blog post that the two groups had been abusing CVE-2022-0609, a remote code execution vulnerability in Chrome. The groups’ activity has been tracked under the names Operation Dream Job and Operation AppleJeus. The earliest evidence the Google TAG team found of these groups exploiting the Chrome vulnerability dates back to January 4 of this year. Google believes the two hacker groups are part of the same organisation, which explains why they used the same exploit, despite the fact that they have different missions and use different methodologies. It further claimed that additional attackers backed by the North Korean government have access to the same exploit.
According to Google, the hacking groups were also tied to Lazarus, one of the world’s deadliest hacker groups based in North Korea. Lazarus is responsible for some of the most high-profile cyber attacks in recent memory, including the infamous Sony breach in 2014. The hackers broke into the film company, grabbed enormous amounts of data, and published it to the media under the name “Guardians of Peace.” They then requested that Sony halt the release of ‘The Interview,’ a film depicting two Americans who assassinate North Korea’s supreme leader, Kim Jong Un.
According to Google, the targets included 85 users in the crypto and financial industries. The hackers also sent phoney job offers by email to 250 people at 10 different organisations in the news industry, software providers, and domain registrars, impersonating recruiters from some of the world’s biggest firms, including Disney and Google. The latest claim adds to widespread speculation that North Korea’s government has been collaborating with hackers to attack and steal from its adversaries. The country has a particular fondness for cryptocurrency and is responsible for some of the largest attacks in the industry.
According to Chainalysis, Lazarus hackers stole around $400 million in cryptocurrency in 2021 alone through cyberattacks, ransomware, and other methods.