Google closes vulnerability in Chrome likely to be exploited by North Korean hackers

Google announced the discovery and closure of a vulnerability in Chrome that allowed remote code execution in the browser. This vulnerability is believed to have been exploited by North Korean hackers.

Image Source: Tomoyuki Mizuta / pixabay.com

According to the British publication The Register, citing Google employee Adam Weidemann, the Chrome vulnerability was identified on February 10 and has been exploited since at least January 4. The flaw made it possible to compromise the victim’s browser, take control of the computer and carry out surveillance. The North Korean intelligence services “targeted” employees of American media, high-tech, cryptocurrency, and fintech companies, but it’s possible the attackers also operated in other countries and industries.

The vulnerability was exploited by the Pyongyang-controlled groups Operation Dream Job and Operation AppleJeus. They used the same exploit code but followed different scenarios. Operation Dream Job hackers targeted media workers, domain registrars, ISPs, and software vendors. The attackers posed as human resources specialists, sending fake emails about job vacancies at Google, Oracle and Disney and disguising the messages as real letters from recruitment agencies. Users were directed to websites with hidden iframes that exploited the vulnerability to run arbitrary code. The Operation AppleJeus group targets people who deal with cryptocurrencies or work in the fintech industry; they were also lured to phishing sites with hidden iframe elements.

An identifier for the computer was generated using the JavaScript engine, and the exploit was launched only if certain conditions were met. If remote code execution succeeded, JavaScript was used to attempt the next phase of the attack, in which the malicious code escaped the browser sandbox and gained privileged access to the entire machine.

The hackers covered their tracks skillfully: each victim was sent a unique link that became inaccessible after the first visit, each step was encrypted using the AES algorithm, and if any step failed, the attack stopped. The Google employee added that the company was able to trace the entire attack chain against Chrome and that there were indications of attempts to carry out a similar scenario against Safari and Firefox, but traces of those attacks had already been destroyed.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.
