North Korean threat actor Citrine Sleet exploiting Chromium zero-day

Sept. 2, 2024, 9:12 p.m.

Description

Microsoft identified a North Korean threat actor exploiting a zero-day vulnerability in Chromium, now identified as CVE-2024-7971, to gain remote code execution (RCE). Microsoft assesses with high confidence that the observed exploitation of CVE-2024-7971 can be attributed to a North Korean threat actor targeting the cryptocurrency sector for financial gain.

Date

  • Created: Sept. 2, 2024, 8:46 p.m.
  • Published: Sept. 2, 2024, 8:46 p.m.
  • Modified: Sept. 2, 2024, 9:12 p.m.

Indicators

  • weinsteinfrog.com
  • voyagorclub.space

Attack Patterns

  • Kaolin
  • Citrine Sleet
  • T1014
  • T1176
  • T1496
  • T1036
  • T1553
  • T1195
  • T1068

Additional Information

  • Gaming
  • Investment
  • Cryptocurrency
  • Technology
  • Financial
  • Government

Linked vulnerabilities