We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

North Korean Hackers Steal Crypto Using Chromium Exploit

By Husain Parvez, Cybersecurity Researcher. Published on 5th September 2024.

In an alarming series of cyberattacks, a North Korean hacking group known as Citrine Sleet exploited a zero-day vulnerability in Chromium-based browsers to steal cryptocurrency. The vulnerability, CVE-2024-7971, impacted popular browsers such as Google Chrome and Microsoft Edge and was swiftly patched by Google on August 21, 2024, following the initial discovery by Microsoft two days earlier.

The hacking group targeted organizations within the cryptocurrency industry by tricking victims into visiting malicious websites that were under the hackers' control. Once the users interacted with these fake domains, the attackers exploited the Chromium vulnerability to gain remote code execution (RCE) in their browser.

The attackers then deployed the FudModule rootkit, a sophisticated piece of malware that allows deep access to the Windows operating system. Microsoft’s analysis indicates a connection between Citrine Sleet and another North Korean threat actor known as Diamond Sleet, which had previously used similar malware.

Citrine Sleet is part of North Korea’s ongoing cyber strategy to target cryptocurrency firms and financial institutions for financial gain. According to Microsoft’s blog post, “The threat actor creates fake websites masquerading as legitimate cryptocurrency trading platforms,” often luring victims into downloading weaponized crypto wallets. These fake apps are designed to give the attackers full access to the victims' digital assets, allowing them to steal significant sums of cryptocurrency.

Between 2017 and 2023, North Korean hackers allegedly stole $3 billion worth of cryptocurrency, as pointed out by The Record. This stolen digital currency is used to fund the regime's activities.

Google quickly responded to the discovery by issuing a patch to all Chromium browsers on August 21. Although the immediate threat was neutralized by the software update, the campaign highlights the growing risks of zero-day vulnerabilities and the lengths to which North Korean hackers will go to circumvent security measures.

The US government has also taken action, mandating federal agencies to patch this vulnerability by September 16, 2024. Meanwhile, Microsoft has notified affected users and continues to monitor the situation.

In a previous campaign, North Korean hackers leveraged a flaw in a VPN’s update mechanisms to spread malware.

About the Author

Husain Parvez is a Cybersecurity Researcher and News Writer at vpnMentor, focusing on VPN reviews, detailed how-to guides, and hands-on tutorials. Husain is also a part of the vpnMentor Cybersecurity News bulletin and loves covering the latest events in cyberspace and data privacy.
