Microsoft Says North Korean Hackers Behind Chrome Security Flaw and Cryptocurrency Theft
In a recent announcement, Microsoft revealed that a group of North Korean hackers, known as “BlueNoroff,” is responsible for using a flaw in Google Chrome to steal cryptocurrency. These hackers have been targeting companies that deal with digital currencies, leading to major losses.
The problem came from a “zero-day” vulnerability in the Chrome browser. A zero-day flaw is a security hole that hasn’t been discovered or fixed by the software maker yet. Hackers use these flaws to break into systems before anyone knows there’s an issue. In this case, the hackers took advantage of the Chrome vulnerability to access and steal cryptocurrencies from targeted companies.
How the Hackers Exploited Chrome’s Flaw
Microsoft explained that BlueNoroff used this flaw in Chrome to infect the computers of cryptocurrency companies. They did this by sending fake emails that looked legitimate, tricking employees into clicking on malicious links. Once the employees clicked the links, the hackers could take over their systems, stealing important information like digital wallet details and private keys to access cryptocurrency funds.
The attackers also used malicious browser extensions to keep control over the infected systems. From there, they quickly transferred cryptocurrency funds from the companies to accounts controlled by North Korea.
Who Are the Hackers?
BlueNoroff is part of a larger group known as the Lazarus Group, which is closely tied to the North Korean government. Over the years, this group has been involved in many cybercrimes, often focusing on stealing money to fund the country’s operations. One of their most famous attacks was the 2016 Bangladesh Central Bank heist, where they stole $81 million.
This time, the group is focusing on cryptocurrency, which is harder to trace and increasingly valuable. North Korea has reportedly been using stolen digital currencies to support its government and bypass international sanctions.
What Microsoft is Doing About It
Microsoft has already released a fix for the Chrome flaw, working closely with Google to make sure systems are protected. The company also provided advice to businesses, especially those dealing with cryptocurrency, to help keep them safe from future attacks.
Here are some recommendations:
- Update your software: Make sure Chrome and other programs are always updated with the latest security patches to fix known vulnerabilities.
- Be careful with emails: Since these hackers rely on tricking people through phishing emails, it’s important to have strong email filters and teach employees to recognize suspicious messages.
- Use multi-factor authentication (MFA): MFA adds an extra layer of security, making it harder for hackers to access accounts, even if they get login details.
- Monitor your accounts: Regularly check for any unusual or suspicious activity in your cryptocurrency transactions.
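The article notes that the attackers kept control through malicious browser extensions. The following Python audit is an added example, not code from the article or from Microsoft: it walks a Chrome profile's `Extensions/<id>/<version>/manifest.json` files and flags extensions that are not on an approved list or that request broad permissions. The `RISKY` permission list, the allowlist and the sample extension names are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

EXT_ID = re.compile(r"^[a-p]{32}$")  # Chrome extension IDs: 32 chars, a-p
# Assumed review list of permissions that expose pages, cookies or clipboard.
RISKY = {"<all_urls>", "cookies", "webRequest", "clipboardRead", "nativeMessaging", "debugger"}


def audit_extensions(profile_dir, allowlist):
    """Audit <profile>/Extensions/<id>/<version>/manifest.json; return findings."""
    findings = []
    for manifest in sorted((Path(profile_dir) / "Extensions").glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        if not EXT_ID.match(ext_id):
            continue  # skips non-extension folders such as Temp
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
            if not isinstance(data, dict):
                raise ValueError("manifest is not a JSON object")
        except (OSError, ValueError):
            findings.append({"id": ext_id, "name": None, "reasons": ["unreadable manifest"]})
            continue
        perms = set()
        for key in ("permissions", "host_permissions", "optional_permissions"):
            perms.update(p for p in (data.get(key) or []) if isinstance(p, str))
        reasons = [] if ext_id in allowlist else ["not on allowlist"]
        risky = sorted(p for p in perms if p in RISKY or p.endswith("://*/*"))
        if risky:
            reasons.append("broad permissions: " + ", ".join(risky))
        if reasons:
            findings.append({"id": ext_id, "name": data.get("name"), "reasons": reasons})
    return findings


def demo():  # constructed sample profile: one approved extension, one unknown
    approved, unknown = "a" * 32, "b" * 32
    samples = [(approved, "Approved Tool", ["storage"]),
               (unknown, "Wallet Helper", ["cookies", "<all_urls>"])]
    with tempfile.TemporaryDirectory() as tmp:
        for ext_id, name, perms in samples:
            d = Path(tmp) / "Extensions" / ext_id / "1.0_0"
            d.mkdir(parents=True)
            (d / "manifest.json").write_text(json.dumps({"name": name, "permissions": perms}))
        return audit_extensions(tmp, allowlist={approved})


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To audit a real workstation, pass the Chrome profile directory (the folder that contains `Extensions`) and the set of extension IDs your organization has approved.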
This new cyberattack by North Korean hackers shows how serious the threats to cryptocurrency companies are becoming. By exploiting flaws like the one in Chrome, groups like BlueNoroff are able to steal large sums of money, which is used to fund the North Korean government.
To stay safe, businesses in the digital currency industry need to be extra careful. Updating software, strengthening email defenses, and monitoring accounts are all essential steps to protect against these sophisticated cyberattacks.
By taking these precautions, companies can reduce the risk of falling victim to these types of cybercrimes and protect their valuable assets. The need for protection rises after this leak; leaks like this can be chained and ultimately lead to a ransomware attack in an organization. Check out more about how to defend against ransomware in our previous episode.




