The Crypto Game of North Korea: Stealing Money with Chrome 0-days

In May 2024, we discovered a sophisticated malware campaign by North Korean hackers that exploited zero-day vulnerabilities in Google Chrome to attack companies and individuals associated with the cryptocurrency industry. In short, the attackers' plan was to lure victims from the targeted group to a malicious website, silently attack their web browsers, install malware, and ultimately steal personal information and money. North Korean hackers are known to use this style of targeted attack; they have carried out a couple of similar campaigns in the past, but their methods are constantly improving, and they always come up with something new that sometimes really impresses us. For this campaign, they developed a very elegant and reliable Google Chrome exploit that allowed them to achieve RCE and break out of the V8 sandbox using a chain of two logical vulnerabilities. What's more, this time the attackers came up with a crazy social engineering tactic to lure victims to the malicious site - they built their own online game and used it as bait, promoting it for months through social media!

In this presentation, I will share:

  • A comprehensive analysis of the Google Chrome 0-day exploit used by the attackers
  • Details of the first ever (?) North Korean online game
  • Social engineering tactics of attackers (security researchers are one of the main targets of North Korean hackers, so knowing their tactics is a must)

About the Speaker