Update Google Chrome ASAP To Avoid A Zero Day That Has Been In Exploited By North Koreans Hackers For Weeks

Now would be a very good time to update Google Chrome to version 98.0.4758.102 for Windows, Mac, and Linux because North Korean Hackers have been using this exploit for weeks to do semi-targeted attacks:

The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.

This is bad. And fortunately it’s patched. Marcus Fowler, SVP Strategic Engagements and Threats at Darktrace had this comment:  

“Hackers backed by North Korea’s government exploited a critical zero-day, attempting to infect hundreds of computers. We should be very cautious about assuming this is tied to rising geopolitical tensions. While North Korea may be trying to take advantage of the US turning its attention to mainly focus on Russia, the two separate North Korean hacking groups who exploited the flaw seem to go back much further. Both Operation Dream Job and AppleJeus have focused on monetary gain — frequently the top priority with North Korean cyber operations.

Previously, Operation Dream Job used spearphishing emails to target specific employees with fake job offers from high-profile organizations. This timing is fascinating given the “Great Resignation” context and employees seeking more flexible jobs and leaving the workforce in droves. The other group, AppleJeus, targeted a cryptocurrency exchange. We have observed an increase in crypto mining attacks over the last few years, so this is also in line with broader hacking trends, not geopolitical happenings.” 

I would run and update your copy of Chrome ASAP to make sure that other threat actors don’t exploit this now that it is public.

Leave a Reply

%d bloggers like this: