North Korean Threat Actors Exploiting Known Zero-Day In Google Chrome

Industries impacted: Communication Services, Financials, Information Technology

On 24 March, Google’s Threat Analysis Group (TAG) reported about campaigns discovered in February 2022, which are attributed to two unnamed North Korean threat actor groups, and exploited a remote code execution zero-day vulnerability (CVE-2022-0609) in Google Chrome. Reportedly, the activity of the groups are publicly tracked as two previously known campaigns, Operation Dream Job and Operation AppleJeus. Google previously released a patch to address the vulnerability as part of Stable Channel Update for Desktop in February.

Rollups:

Industries impacted: Consumer Discretionary, Government, Information Technology

• Threat Actors Launch New PurpleFox Campaign With Evolved Tools And Evasion Techniques
• Sophos Patches Critical Remote Code Execution Flaw in its Firewall
• Threat Actors Exploit a Remote Code Execution Vulnerability in Redis Servers
• SunCrypt Ransomware Updated with New Functionality, with Ransomware Operators Launching Triple Extortion Attacks
• New PlugX Variant Observed Targeting Telecommunications and Defense Sector in South Asia
• Multiple Microsoft Azure Defender for IoT Vulnerabilities Allow Remote Code Execution, Patches Released in December
• Google Issues Out-of-Band Patch For Chrome Zero-Day Vulnerability Being Actively Exploited

Geo Highlights

Ukraine Update: Achieving Complete Ceasefire Unlikely, New APT and Nation State Activity, and Hacktivism Continues

Industry impacted: Government

A potential peace agreement between Russia and Ukraine seems unlikely in the short and medium term. Regarding the impact of the conflict on EU countries, general inflation and shortages of certain commodities are already impacting all EU economies. Companies halting production due to high energy prices and shortages of certain commodities are likely to continue as Ukraine invasion goes on, and could intensify if Russia decides to halt energy exports to EU countries or demands the payment of commodities in roubles.

As for the cyber threat landscape, based on the continuity of events observed this week, we assess the overall cyber threat level remains medium for EU organizations. While activity in Ukraine will likely remain kinetic for the foreseeable future, long-reaching retaliation efforts by Russia will likely target NATO and Ukrainian allies. Considering Russia’s economic decline, the possibility of new retaliatory and financially motivated attacks increases.

Rollups:

Industries impacted: Energy, Financials, Government

• US and European Commission Announce Trans-Atlantic Data Privacy Framework
• Several Countries Announce Contingency Plans to Prepare for Potential Economic Fallout from War in Ukraine
• US, Chinese, Russian, and Pakistani Representatives Meet to Discuss Issues in Afghanistan
• Russia Reportedly Creating Alternative Transaction Systems with India and Iran