North Korean hackers actively exploited a critical Chromium zero-day
- by nlqip
The report added that the FudModule rootkit has historically been shared between Citrine Sleet and Diamond Sleet (formerly Zinc), another North Korean threat actor known to target media, defense, and information technology (IT) industries globally.
RCE to deliver FudModule
The report explained that victims were directed to a Citrine Sleet-controlled exploit domain voyagorclub[.]space. While the exact method used for directing the victims is unknown, Social Engineering is suspected as it is a common Citrine Sleet technique. Once a target is connected to the domain, the zero-day RCE exploit for CVE-2024-7971 is achieved.
“After the RCE exploit achieved code execution in the sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded, and then loaded into memory,” Microsoft added in the report.
Source link
lol
The report added that the FudModule rootkit has historically been shared between Citrine Sleet and Diamond Sleet (formerly Zinc), another North Korean threat actor known to target media, defense, and information technology (IT) industries globally. RCE to deliver FudModule The report explained that victims were directed to a Citrine Sleet-controlled exploit domain voyagorclub[.]space. While the…
Recent Posts
- A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
- CISA Adds One Known Exploited Vulnerability to Catalog | CISA
- Xerox To Buy Lexmark For $1.5B In Blockbuster Print Deal
- Vulnerability Summary for the Week of December 16, 2024 | CISA
- Arm To Seek Retrial In Qualcomm Case After Mixed Verdict