• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Saturday, July 18, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Business

North Korean hacking group exploits a previously unknown bug in Chrome to steal cryptocurrency

by Anochie Esther
August 31, 2024
in Business, News, Stories, Tech
Reading Time: 3 mins read
0
North Korean hackers

Image Credits: Techcrunch

TwitterWhatsappLinkedin

In a recent cyberattack, North Korean hackers leveraged an undisclosed flaw in Google Chrome to breach organizations and steal cryptocurrency. The attack, which took place in August 2023, was carried out by a group known as Citrine Sleet, notorious for its focus on the cryptocurrency industry. This event underscores the tenacious threat posed by state-sponsored hackers, especially from North Korea, who have increasingly turned to cryptocurrency theft as a way to bypass international penalty.

You might also like

NTSB: Tesla Driver Overrode Full Self-Driving Before Fatal Texas Crash

Honda to Exit U.S. EV Market in 2027 as Prologue Production Ends

Apple Widens OpenAI Trade Secret Fight With Preservation Letters To 40 Former Staff As Lawsuit Targets Hardware Theft

 The Zero-Day Vulnerability: A Race Against the Clock

The attack revolved around a zero-day vulnerability in Chromium, the open-source foundation of Chrome and other browsers like Microsoft Edge. A zero-day vulnerability is a software flaw that the vendor—in this case, Google—is unaware of, meaning they have no time to issue a patch before hackers utilize it.

Microsoft’s cybersecurity researchers reported the attack’s first signs on August 19, 2023. The hackers used the flaw to launch a targeted campaign against organizations within the cryptocurrency sector. Google responded quickly by patching the vulnerability within two days, on August 21. However, the hackers had already begun their operations, highlighting how critical timing is when dealing with zero-day exploits, which give attackers a narrow window to act before a fix is available.

Citrine Sleet: A Growing Menace

The group behind this attack, Citrine Sleet, is believed to operate from North Korea and has a track record of targeting financial institutions, especially those involved in cryptocurrency. This group’s actions are part of a bigger strategy by the North Korean regime to fund its nuclear weapons program through cybercrime.

Citrine Sleet used sophisticated social engineering tactics to penetrate their targets. According to Microsoft, the group created fake websites that appeared to be legitimate cryptocurrency trading platforms. These sites were used to distribute malware disguised as job applications or to entice victims into downloading compromised cryptocurrency wallets or trading apps. The malware, known as AppleJeus, is a custom trojan designed to take over the victim’s cryptocurrency assets.

The Attack Process: From Social Engineering to Deep System Control

The attack started by deceiving victims into visiting malicious websites under the hackers’ control. Once a target accessed one of these sites, the hackers utilized the Chrome vulnerability to gain initial entry to the victim’s computer. However, this was just the beginning of a more complex, multi-stage attack.

The hackers then took advantage of another vulnerability in the Windows operating system, allowing them to install a rootkit—a type of malware that grants attackers deep entry to the system—on the victim’s computer. With the rootkit installed, the hackers gained complete control over the victim’s machine, enabling them to steal sensitive data, such as cryptocurrency wallet credentials and private keys.

Cryptocurrency has become an increasingly attractive target for North Korean hackers. According to a United Nations Security Council report, the regime has stolen around $3 billion in cryptocurrency between 2017 and 2023. These stolen funds are believed to support North Korea’s nuclear weapons program, as the country faces strict international sanctions that limit its access to traditional financial resources.

The Citrine Sleet attack underscores the ongoing threat that state-sponsored hacking groups pose to the global financial system, particularly within the fast-evolving cryptocurrency market. As digital currencies become more integrated into the global economy, the risks associated with such cyberattacks continue to escalate.

This incident highlights the crucial need for vigilance and rapid response in the face of cybersecurity threats. While Google’s quick patching of the Chrome vulnerability mitigated some of the potential damage, the attack serves as a stark reminder that zero-day exploits remain a powerful tool for cybercriminals. Organizations, especially those in the financial sector, must be vigilant against emerging threats and ensure that their systems are continuously updated and protected against known vulnerabilities.

Furthermore, this attack emphasizes the importance of robust cybersecurity practices, including advanced threat detection and employee training to identify and avoid social engineering techniques. As state-sponsored hacking groups like Citrine Sleet develop more sophisticated methods, the global cybersecurity community must adapt and strengthen its defenses to effectively counter these threats.

The exploitation of a Chrome zero-day vulnerability by North Korean hackers is a clear indication of the growing threat landscape in today’s digital world. As state-sponsored groups increasingly resort to cybercrime to achieve their geopolitical aims, the importance of strong cybersecurity measures cannot be overstated. The Citrine Sleet incident serves as a crucial reminder for organizations worldwide to bolster their defenses and remain vigilant against the constant risk of cyberattacks.

Tags: #North Korean hackersMetatech
Tweet56SendShare16
Previous Post

Get the Apple iPhone 15 at Its Lowest Price Ever on Flipkart!

Next Post

Users reports a ‘sinister’-looking color change in the Facebook app logo black

Anochie Esther

Recommended For You

NTSB: Tesla Driver Overrode Full Self-Driving Before Fatal Texas Crash

by Samir Gautam
July 18, 2026
0
NTSB: Tesla Driver Overrode Full Self-Driving Before Fatal Texas Crash

New details released by the National Transportation Safety Board (NTSB) have shed fresh light on a fatal Tesla crash in Katy, Texas, suggesting that the vehicle's Full Self-Driving...

Read more

Honda to Exit U.S. EV Market in 2027 as Prologue Production Ends

by Samir Gautam
July 18, 2026
0
Honda to Exit U.S. EV Market in 2027 as Prologue Production Ends

Honda's electric vehicle journey in the United States is about to hit an unexpected pause. The automaker has confirmed that the Honda Prologue, its only fully electric model...

Read more

Apple Widens OpenAI Trade Secret Fight With Preservation Letters To 40 Former Staff As Lawsuit Targets Hardware Theft

by Rounak Majumdar
July 18, 2026
0
Apple Widens OpenAI Trade Secret Fight With Preservation Letters To 40 Former Staff As Lawsuit Targets Hardware Theft

Apple is not done with its legal offensive against OpenAI. One week after filing a blockbuster lawsuit in the Northern District of California accusing OpenAI and two former...

Read more
Next Post
Facebook

Users reports a 'sinister'-looking color change in the Facebook app logo black

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?