Google: Two North Korean hacker groups attacked US companies

Spread the love

Google’s Threat Analysis Group has discovered that two North Korean hacker collectives carried out attacks on American companies last month. They did that by exploiting a vulnerability in Chrome. The vulnerability has been closed since last month.

According to Google’s Threat Analysis Group the two groups worked for the same client, presumably the North Korean government, and are using the same exploit kit to exploit a vulnerability in Chrome, CVE-2022-0609. Both groups had different objectives and methods. According to Google, the vulnerability was on February 14 poem.

The first hacker collective undertook an attack called Operation Dream Job targeting more than 250 employees from media companies, web hosting companies and software companies. The employees received an email containing a job offer from Disney, Google or Oracle. The email appeared to come from job boards such as Indeed or ZipRecruiter, and when the victim clicked the link to the job reference, he was presented with a spoofed website in which a hidden iframe started loading an exploit kit.

With Operation AppleJeus, the second hacker collective targeted 85 users in the cryptocurrency and fintech industry. It used the same exploit kit as the first group, according to Google. According to Google, two fintech companies were affected, allowing the hackers to load hidden iframes on the landing pages of those websites. Malicious websites were also hosted on which Trojan horses were distributed and the same iframes were active. Those iframes also referenced the same exploit kits.

Google’s security researchers found that the exploit kits loaded a JavaScript script to fingerprint affected users’ computers. The script collected information about the device and then forwarded it to a server. If certain criteria were met, an exploit for a Chrome vulnerability was sent. If the system could be accessed, another script was sent which enabled a sandbox escape and further access to the device. Google’s researchers were unable to determine what actions the exploit performed after that. They determined that the hackers took several measures that made it very difficult to gain insight into the further course of the attack.

Email the hackers used during Operation Dream Job

You might also like