On 24th March (Thursday), Google’s threat analysis group (TAG) released a statement that disclosed details about the activity of two North Korean based hacker groups, who had exploited Chrome’s zero-day vulnerability to target several fintech, news media, IT and cryptocurrency firms.
Previously, the attackers carried out two campaigns, namely Operation Dream Job and Operation Apple Jeus and the former was unearthed by Israeli cybersecurity firm Clearskysec, revealing that the campaign targeted job aspirants, particularly in the field of news media, through a series of nuanced social engineering attacks. Whereas Operation Apple Jeus attacked cryptocurrency exchange using macOS malware, fake installers, and UI redressing techniques.
On February 10, TAG discovered the attackers abusing Chrome’s zero-day vulnerability (CVE-2022-0609), which was patched as part of an update (version 98.0.4758.102) on February 14, days after the escalation, although deployment of the exploit kit dates back to January 4, 2022.
TAG also revealed that although both the teams are traced back to a common entity, they operated with different objectives and adopted dissimilar strategies of attack. As an immediate response measure, the advisory added “all identified websites and domains were added to Safe Browsing to protect users from further exploitation. We also sent all targeted Gmail and Workspace users government-backed attacker alerts notifying them of the activity. We encourage any potential targets to enable Enhanced Safe Browsing for Chrome and ensure that all devices are updated.”