Chromium Targeted by North Korean Hackers Using FudModule Rootkit

Published:

spot_img

The Rise of the FudModule Rootkit: A Deep Dive into the North Korean Cyberattack on Cryptocurrency Firms

A recent cyberattack carried out by a North Korean threat actor has shed light on the vulnerabilities present in Google’s Chromium browser. Microsoft uncovered the attack, which involved the deployment of the FudModule rootkit targeting cryptocurrency firms for financial gain.

The attack, orchestrated by the notorious group Citrine Sleet, exploited a zero-day vulnerability in Chromium tracked as CVE-2024-7971. This sophisticated operation aimed to infiltrate the cryptocurrency sector by using a type confusion vulnerability in the V8 JavaScript and WebAssembly engine in earlier versions of Chromium.

Citrine Sleet’s tactics began with social engineering, luring victims to a malicious domain where the zero-day exploit was executed, allowing for code execution within the sandboxed Chromium environment. Subsequently, the FudModule rootkit was deployed to establish a persistent backdoor access to compromised systems, enabling data theft and further malware deployment.

This rootkit, historically associated with the Lazarus Group, showcases advanced features such as kernel-level access through exploiting a zero-day vulnerability in the AppLocker driver. The rootkit’s evolution includes techniques like handle table entry manipulation, DKOM, and registry and object callback removal to evade detection and disable security mechanisms.

Microsoft has advised immediate system updates and the deployment of robust security solutions to mitigate the risks posed by such attacks. Educating employees on cybersecurity best practices, implementing network segmentation, and monitoring network traffic are also recommended to enhance overall security posture and reduce the likelihood of falling victim to similar cyber threats.

spot_img

Related articles

Recent articles

NSU Launches Cybersecurity Center to Enhance Research and Workforce Development in Bangladesh

North South University (NSU) has inaugurated its Cybersecurity Center to advance research, develop skilled professionals, and strengthen Bangladesh's resilience against emerging cyber threats. This...

Siemens ROX II Switches Vulnerable: Update to Firmware V2.17.1 to Mitigate CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949 Exploits

Siemens has issued an advisory regarding three critical zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) affecting its ROX II operational technology (OT) switches. These vulnerabilities...

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures The UK's communications regulator, Ofcom, has initiated a formal investigation into TikTok's...

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security Operational Technology (OT) security presents unique challenges that differ significantly from traditional Information Technology (IT)...