Google’s Threat Analysis Group recently discovered North Korean government-backed hackers who tried to exploit a zero-day vulnerability in Google Chrome that would have granted them access to people’s devices. The company has since patched the security flaw.
In an official blog post, Adam Weidemann, Director of Engineering at Google, claimed that the flaw had been exploited since January 4th. The post described in detail how the bug was exploited for both intelligence and financial attacks over a period of weeks.
The two groups were codenamed Operation Dream Job and Operation Apple Jeus, and targeted “U.S. based organizations spanning news media, IT, cryptocurrency and fintech industries.” The groups exploited a use-after-free bug in Chrome known as CVE-2022-0609. The vulnerability lets attackers place malicious code inside vulnerable memory locations, allowing remote code execution.
The groups are suspected to have been created by the authoritarian regime to carry out operations that would help boost North Korea’s government resources.