Earlier this year, North Korean hackers were using a critical vulnerability in the Chrome browser to target victims in the US, according to Google.
On Thursday, the company provided more details about the vulnerability, CVE-2022-0609, which was patched in Chrome last month. At the time, Google offered few details about the “high” severity flaw, but warned it was being exploited.
The company now says CVE-2022-0609 could be used to trigger remote code execution in the Chrome browser, which hackers likely used to load malware onto a computer.
Google also uncovered evidence that two North Korean, state-sponsored hacking groups began exploiting the vulnerability on Jan. 4. “We observed the campaigns targeting US-based organizations spanning news media, IT, cryptocurrency, and fintech industries. However, other organizations and countries may have been targeted,” Google security researcher Adam Weidemann wrote in a company blog post.
The first group, dubbed Operation Dream Job, targeted “over 250 individuals working for 10 different news media, domain registrars, web hosting providers, and software vendors,” he added. To do so, the hackers resorted to sending fake job offers through email that pretended to come from companies including Disney, Google, and Oracle.
These emails contained links that spoofed legitimate job-hunting websites, including Indeed, ZipRecruiter, and Disney’s career page. But in reality, the websites were booby-trapped to trigger the CVE-2022-0609 vulnerability in Chrome.
The second North Korean group, dubbed Operation AppleJeus, tried to hack over 85 users in the cryptocurrency and fintech industries. This involved compromising at least two real fintech company websites and using hidden iframes within
Read more on pcmag.com