On August 19, 2024, Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft researchers assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain.
Microsoft ongoing analysis and observed infrastructure lead them to attribute this activity with medium confidence to Citrine Sleet. The researchers note that while the FudModule rootkit deployed has also been attributed to Diamond Sleet, another North Korean threat actor, Microsoft previously identified shared infrastructure and tools between Diamond Sleet and Citrine Sleet, and our analysis indicates this might be shared use of the FudModule malware between these threat actors.
Read more…
Source: Microsoft
Related:
- 7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs
November 14, 2018
Disclosed earlier this year, potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proven that speculative execution attacks can be exploited in a trivial way to access highly sensitive information. Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre1.2, TLBleed, Lazy FP, NetSpectre and Foreshadow, patches for which were released ...
- October 2018’s Most Wanted Malware: For The First Time, Remote Access Trojan Reaches Top 10 Threats
November 13, 2018
For the first time, Check Point threat intelligence researchers found that a remote access Trojan (RAT) has reached the Global Threat Index’s Top 10. Dubbed “FlawedAmmyy”, this type of attack allows attackers to remotely control the victim’s machine– gaining full access to the machine’s camera and microphone, collecting screen grabs, stealing credentials and sensitive files, ...
- Microsoft patches Windows zero-day used by multiple cyber-espionage groups
November 13, 2018
Microsoft released today its monthly roll-up of security patches known as Patch Tuesday. This month, the Redmond-based company has fixed 62 security flaws. Among the 62 fixes, there is also a fix for a zero-day vulnerability that was under active exploitation before today’s patches were made available. The zero-day, tracked as CVE-2018-8589, impacts the Windows Win32k component. Microsoft ...
- Using Machine Learning to Cluster Malicious Network Flows From Gh0st RAT Variants
November 13, 2018
Cybercriminals have become more and more creative and efficient in their efforts to successfully bypass network security. Reports of unauthorized network intrusions that have compromised enterprise security, resources, and data, plague experts on a day-to-day basis, and will continue to do so if not prevented by a more efficient detection system or method. Currently, attackers use polymorphism, ...
- EUROPOL: Internet Organised Crime Threat Assessment 2018
November 12, 2018
It is my pleasure to introduce the 2018 Internet Organised Crime Threat Assessment (IOCTA), not only as it is the fifth anniversary edition of the report, but also my first as the Executive Director of Europol. The IOCTA has been and continues to be a flagship strategic product for Europol. It provides a unique law enforcement ...
- The White Company: Inside the Operation Shaheen Espionage Campaign
November 12, 2018
In a new collection of extensive research reports, the Cylance Threat Intelligence Team profiles a new, likely state-sponsored threat actor called The White Company – in acknowledgement of the many elaborate measures they take to whitewash all signs of their activity and evade attribution. The report details one of the group’s recent campaigns, a year-long espionage ...