**Microsoft's threat intelligence team says a known North Korean threat actor was responsible for exploiting a Chrome remote code execution flaw patched by Google earlier this month.**

According to [fresh documentation](https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/) from Redmond, an organized hacking team linked to the North Korean government was caught using zero-day exploits against a type confusion flaw in the Chromium V8 JavaScript and WebAssembly engine.

The vulnerability, tracked as CVE-2024-7971, [was patched by Google](https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html) on August 21 and marked as actively exploited. It is the [seventh Chrome zero-day](https://www.securityweek.com/google-patches-sixth-exploited-chrome-zero-day-of-2024/) exploited in attacks so far this year.

"We assess with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain," Microsoft said in a [new post](https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/) with details on the observed attacks.

Microsoft attributed the attacks to an actor called "Citrine Sleet" that has been caught in the past targeting financial institutions, particularly organizations and individuals managing cryptocurrency.

Citrine Sleet is tracked by other security companies as AppleJeus, Labyrinth Chollima, UNC4736, and Hidden Cobra, and has been attributed to Bureau 121 of North Korea's Reconnaissance General Bureau.

In the attacks, first spotted on August 19, the North Korean hackers directed victims to a booby-trapped domain serving remote code execution browser exploits.
Once on the infected machine, the attackers were observed by Microsoft deploying the FudModule rootkit, which was previously used by a different North Korean APT actor.

Written by [Ryan Naraine](https://www.securityweek.com/contributors/ryan-naraine/)