Proofpoint cybersecurity experts: Groups from India, Russia and China exploit this technique. The files have a low detection rate by public antivirus.
Kaspersky: An APT exploited a Google Chrome vulnerability to launch a zero-day attack. The campaign has been dubbed Operation WizardOpium. The profile of the targeted website is in line with earlier DarkHotel attacks.
A new vulnerability in Google's Chrome browser has been used in zero-day attacks. It was discovered by Kaspersky cyber security experts, who dubbed the cyber offensive Operation WizardOpium. So far, they have been unable to establish a definitive link with any known threat actors. There are certain very weak code similarities with North Korea's Lazarus attacks, although these could very well be a false flag. The profile of the targeted website is more in line with earlier DarkHotel attacks, which have recently deployed similar false flag attacks. DarkHotel was a targeted spear-phishing spyware and malware-spreading campaign that appeared to be selectively attacking business hotel visitors through the hotel's in-house WiFi network. The attacks were specifically targeted at senior company executives, using forged digital certificates, generated by factoring the underlying weak public keys of real certificates, to convince victims that prompted software downloads were valid.
The cyber security experts explain how cybercrime exploited the Google flaw to hit