In February, Google’s Threat Analysis Group detected a pair of North Korean hacker squads known as Operation Dream Job and Operation AppleJeus using a remote code execution vulnerabilities in the Chrome web browser, according to Google’s Threat Analysis Group.
The blackhatters allegedly targeted the US news media, IT, crypto, and fintech businesses, with evidence of their assaults dating back to January 4th, 2022, however the Threat Analysis Group cautions that firms outside of the US may have also been targets.
“We assume both organisations work for the same entity with a similar supply chain, resulting in the usage of the same attack kit,” the Google team stated. “However, each operates with a separate mission set and employs different methodologies.”
Operation Dream Job targeted 250 workers across ten firms with phoney job offers from companies like Disney and Oracle, which were received from accounts posing as Indeed or ZipRecruiter. The exploit would be triggered by clicking on the link, which would start a hidden iframe.
Operation AppleJeus, is from the other hand, used the same exploit kit to target over 85 users in the bitcoin and financial industries. According to Google’s security experts, this operation comprised “compromising at least two legitimate finance firm websites and hosting hidden iframes to provide the exploit kit to visitors.” “In other situations, we discovered bogus websites containing iframes and directing users to the exploit kit, which had already been set up to spread trojanized bitcoin programmes.”
“At first, the kit sends some deeply disguised javascript that is used to fingerprint the target machine,” the researchers explained. “This script gathered all accessible client data, including user-agent, resolution, and so on, and delivered it back to the exploitation server. The client would be provided a Chrome RCE exploit and some more javascript if a set of unknown prerequisites were satisfied. If the RCE was successful, the javascript would ask for the next stage, which is referred to in the script as ‘SBX,’ which stands for Sandbox Escape.”
The behaviour was identified on February 10th by the Google security team, and it was fixed by February 14th. All of the discovered URLs and domains have been added to the company’s Safe Browsing database, and all of the targeted Gmail and Yahoo accounts have been alerted.
Since 2007, there have been 200 cyber attacks on financial institutions, and this timeline may be sorted by nation, area, year, attribution, event type, and actor type. In recent years, cybersecurity threats to the financial sector have increased, in part due to a worsening cyber threat landscape; in particular, state-sponsored cyberattacks against financial institutions have become more common, sophisticated, and devastating. The G20 warned in 2017 that cyberattacks might “undermine security and confidence, putting financial stability at risk.”
Carnegie’s Cyber Policy Initiative updated this timeline with data from BAE Systems’ Cyber Threat Intelligence team to maintain pace of the threat landscape’s change. The timeline was created to offer insight into significant patterns rather than to chronicle every single occurrence.
Please visit more on https://geeksultd.com
