North Korean hackers actively exploited a critical Chromium zero-day
- by nlqip
The report added that the FudModule rootkit has historically been shared between Citrine Sleet and Diamond Sleet (formerly Zinc), another North Korean threat actor known to target media, defense, and information technology (IT) industries globally.
RCE to deliver FudModule
The report explained that victims were directed to a Citrine Sleet-controlled exploit domain, voyagorclub[.]space. While the exact method used for directing the victims is unknown, social engineering is suspected, as it is a common Citrine Sleet technique. Once a target connects to the domain, the zero-day RCE exploit for CVE-2024-7971 is delivered.
“After the RCE exploit achieved code execution in the sandboxed Chromium renderer process, shellcode containing a Windows sandbox escape exploit and the FudModule rootkit was downloaded, and then loaded into memory,” Microsoft added in the report.
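Added example, not part of the original article or Microsoft's report: a small Python check that refangs the indicator domain quoted above and flags web-proxy log lines whose host is that domain or one of its subdomains. The log format (timestamp, source IP, action, URL) and the log lines themselves are constructed for illustration.

```python
import re
from typing import Iterable, List, Tuple
from urllib.parse import urlparse

# Defanged indicator exactly as published ("[.]" stands in for "." so the
# string cannot be clicked or auto-resolved by tooling).
DEFANGED_DOMAIN = "voyagorclub[.]space"


def refang(indicator: str) -> str:
    """Turn a defanged domain back into its literal form for matching."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower()


def host_matches(host: str, domain: str) -> bool:
    """True if host is the indicator domain itself or any subdomain of it.
    Suffix matching on "." + domain avoids false hits such as notvoyagorclub.space."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


# Assumed (constructed) proxy log layout: <timestamp> <src_ip> <action> <url>
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<action>\S+)\s+(?P<url>\S+)")


def find_hits(log_lines: Iterable[str], defanged: str = DEFANGED_DOMAIN) -> List[Tuple[str, str, str]]:
    """Return (timestamp, src_ip, host) for every parseable line whose URL host
    matches the indicator; unparseable lines are skipped rather than raising."""
    domain = refang(defanged)
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        url = m.group("url")
        # urlparse only extracts a hostname when a scheme or "//" prefix is present
        host = urlparse(url if "://" in url else "//" + url).hostname
        if host and host_matches(host, domain):
            hits.append((m.group("ts"), m.group("src"), host))
    return hits


# Constructed sample log lines; not real telemetry.
SAMPLE_LOG = [
    "2024-08-19T10:01:02Z 10.0.0.12 ALLOW https://www.example.com/",
    "2024-08-19T10:03:44Z 10.0.0.12 ALLOW https://voyagorclub.space/",
    "2024-08-19T10:03:45Z 10.0.0.12 ALLOW https://cdn.voyagorclub.space/x.js",
    "2024-08-19T10:05:10Z 10.0.0.33 ALLOW https://notvoyagorclub.space/",
    "malformed line",
]

if __name__ == "__main__":
    for ts, src, host in find_hits(SAMPLE_LOG):
        print(f"{ts} {src} contacted {host}")
```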