Hackers backed by North Korea’s government exploited a critical Chrome zeroday in an attempt to infect the computers of hundreds of people working in a wide range of industries, including the news media, IT, cryptocurrency, and financial services, Google said Thursday.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. They both deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group, dubbed Operation Dream Job, targeted more than 250 people working for 10 different companies. The other, known as AppleJeus, targeted 85 users.
Dream jobs and cryptocurrency riches
“We suspect that these groups work for the same entity with a shared supply chain, hence the use of the same exploit kit, but each operate with a different mission set and deploy different techniques,” Adam Weidemann, a researcher on Google’s threat analysis group, wrote in a post. “It is possible that other North Korean government-backed attackers have access to the same exploit kit.”