Google claims to have thwarted cyberattacks by North Korean hackers in 2022

Two separate groups of North Korean hackers were exploiting the same remote code execution vulnerability in the Chrome web browser, but Google managed to thwart cyberattacks earlier this year.

Credit: Unsplash

Hackers backed by the North Korean government exploited a critical zero-day flaw of Chrome in an attempt to infect the computers of hundreds of people working in a wide range of industries, including news media, IT, cryptocurrencies and financial services, Google announced on its blog.

Google’s Threat Analysis Group (TAG) has assigned two exploits of the recent fix CVE-2022-0609 to two separate groups of attackers supported by the North Korean government. ” We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operates with a different set of missions and deploys different techniques. writes Google’s cybersecurity team.

Also read: North Korean hackers spy on Windows and Android devices with Chinotto malware

North Korean hackers were stopped by Google

According to TAG Group, between January and February 2022, North Korean hackers took over a zero-day flaw in Google Chrome that allowed them to execute code on target devices. Before the flaw is patched, the North Koreans allegedly used it to compromise the computers of various companies.

According to information from Google, one of the groups, named “Operation Dream Job”, targeted more than 250 people from different media with phishing emails claiming to be from Disney, Google and Oracle recruiters. The emails contained links to job search sites like Indeed and ZipRecruiter. Phishing campaigns are becoming more and more common, and we have seen that Microsoft Teams has become a favorite target for hackers.

Another group called “Operation AppleJues” would have targeted 85 users from the cryptocurrency and fintech sectors. Hackers reportedly managed to deploy malware that was hidden in HTML tags on fake websites. There again, theattackers’ goal was to redirect users to a compromised site where an exploit script was run against the Chrome flaw to install remote access malware. Google specifies that Chrome would not have been the only browser targeted by hackers, and that macOS and Firefox were also affected.

Source: google

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *