On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain.
Microsoft ongoing analysis and observed infrastructure lead them to attribute this activity with medium confidence to Citrine Sleet. The researchers note that while the FudModule rootkit deployed has also been attributed to Diamond Sleet, another North Korean threat actor, Microsoft previously identified shared infrastructure and tools between Diamond Sleet and Citrine Sleet, and our analysis indicates this might be shared use of the FudModule malware between these threat actors.
Read more…
Source: Microsoft
Related:
- Zeus Sphinx Banking Trojan Arises Amid COVID-19
March 30, 2020
According to researchers Amir Gandler and Limor Kessem at IBM X-Force, Sphinx (a.k.a. Zloader or Terdot) began resurfacing in December. However, the researchers observed a significant increase in volume in March, as Sphinx’s operators looked to take advantage of the interest and news around government relief payments. First seen in August 2015, Sphinx is a modular ...
- A mysterious hacker group is eavesdropping on corporate email and FTP traffic
March 28, 2020
Since at least early December 2019, a mysterious hacker group has been taking over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks, Chinese security firm Qihoo 360 said today. In a report published on the blog of its network security division Netlab, Qihoo said its researchers detected two different threat actors, each exploiting ...
- Cyber criminals shift focus to target remote workers
March 27, 2020
Criminals are only just getting started when it comes to exploiting the global spread of coronavirus to profit from hacking and cybercrime, and the number of attacks is likely to rise, Europe’s law enforcement agency Europol has warned. The new report on how criminals profit from the COVID-19 pandemic details the increase in coronavirus-themed attacks, including phishing emails and spam ...
- Ryuk Ransomware Keeps Targeting Hospitals During the Pandemic
March 26, 2020
The Ryuk Ransomware operators to continue to target hospitals even as these organizations are overwhelmed during the Coronavirus pandemic. Last week BleepingComputer contacted various ransomware groups and asked if they would target hospitals and other healthcare organizations during the pandemic. With the amount of strain healthcare organizations are under during this pandemic, I was hoping that ransomware operators would ...
- Ransomware Maze
March 26, 2020
The Maze ransomware, previously known in the community as “ChaCha ransomware”, was discovered on May the 29th 2019 by Jerome Segura. The main goal of the ransomware is to crypt all files that it can in an infected system and then demand a ransom to recover the files. However, the most important characteristic of Maze is the ...
- Emerging APT Mounts Mass iPhone Surveillance Campaign
March 26, 2020
A recently discovered, mass-targeted watering-hole campaign has been aiming at Apple iPhone users in Hong Kong – infecting website visitors with a newly developed custom surveillance malware. The bad code – the work of a new APT called “TwoSail Junk” – is delivered via a multistage exploit chain that targets iOS vulnerabilities in versions 12.1 ...