North Korean hackers exploit Chrome browsers to steal crypto assets

A new report from Microsoft reveals that North Korean hackers exploited a previously unknown vulnerability in Chrome-based browsers on August 19, aiming to steal cryptocurrency.

Google promptly patched the bug on August 21 after being alerted to the issue.

Microsoft stated, "We assess with high confidence that the observed exploitation … can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain."

The hackers are linked to a group called Citrine Sleet, known for its activities against the crypto industry and believed to be associated with Bureau 121, the cyber warfare arm of North Korea’s Reconnaissance General Bureau.

A recent UN Security Council report noted that North Korean hackers have stolen $3 billion in cryptocurrency assets in 58 suspected cyberheists over the past seven years.

The U.S. government has warned that North Korean hackers will continue to exploit vulnerabilities in crypto firms, gaming companies, and exchanges to generate and launder funds.

Citrine Sleet mainly targets financial institutions managing crypto, using a unique trojan malware called AppleJeus to collect information needed to seize control of crypto assets.

Microsoft confirmed it had notified the customers who were targeted or compromised and provided them with information to secure their systems but did not disclose the identities or number of potential victims.

The group's latest attack adds to North Korea's long history of cyber-attacks aimed at funding its regime, especially by targeting sectors involving digital currencies.

Microsoft’s report emphasises the continuous threat posed by state-sponsored hackers like Citrine Sleet, particularly those focused on financial gain from the cryptocurrency sector.

The attack reflects the increasing sophistication of North Korean hacking groups, which are known for their ability to rapidly exploit vulnerabilities in widely used software platforms.

As cybersecurity firms and governments respond to these threats, crypto firms are urged to strengthen their defenses against malware and phishing attacks, which remain popular tactics among these groups.