South Korean cyber spy group is behind zero-day vulnerabilities in Google Chrome
4 April 2020
New York, 4.4.2020
A South Korean cyber-spying group appears to be behind an attack campaign that exploited zero-day vulnerabilities in Google Chrome to target North Koreans, according to an analysis by the Google Threat Analysis Group.
The five zero-day bugs exploited by the group were in Google Chrome, Microsoft Internet Explorer and Windows.
“To find so many zero-day attacks by the same player in a relatively short time frame is rare,” said TAG researcher Toni Gidwani. Delivery methods include phishing attacks with malicious attachments or links, as well as watering-hole attacks, which infect websites frequently visited by targets.
While TAG did not identify the cyber-spy group, Kaspersky Lab told Wired that the group appears to be linked to DarkHotel, which is suspected of cooperating with the South Korean government.