North Korean Hackers Exploit Chromium Zero-Day To Target Cryptocurrency Sector - 1

Image by Azamat Bohed, from Flickr

North Korean Hackers Exploit Chromium Zero-Day To Target Cryptocurrency Sector

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

A North Korean threat actor has been exploiting a zero-day vulnerability in Chromium to target cryptocurrency organizations for financial gain, according to a report published today by Microsoft.

The vulnerability, identified as CVE-2024-7971, allows attackers to execute remote code on compromised systems.

Microsoft has attributed the attack to Citrine Sleet , a North Korean threat actor known for primarily targeting financial institutions, especially those involved in cryptocurrency. The group engages in extensive reconnaissance of the cryptocurrency sector, and employs sophisticated social engineering tactics.

These tactics include creating fake websites that mimic legitimate cryptocurrency trading platforms to distribute malicious software, such as fake job applications or weaponized cryptocurrency wallets.

The attack chain involved exploiting the Chromium vulnerability, executing malicious code, and deploying the FudModule rootkit. This rootkit is a sophisticated piece of malware that can evade detection and grant attackers elevated privileges on compromised systems.

It has been in use since 2021, with its earliest variant exploiting vulnerable drivers to gain admin-to-kernel access, a technique known as “bring your own vulnerable driver”.

The FudModule rootkit, previously attributed to Diamond Sleet, another North Korean threat actor, suggests a potential sharing of tools or infrastructure between the two groups, as reported by Microsoft.

To mitigate the threat, Microsoft recommends updating systems with the latest security patches, enabling Microsoft Defender for Endpoint’s tamper protection and network protection features, and running EDR in block mode. Additionally, customers should be vigilant of suspicious activity and report any unusual occurrences to their security teams.

Additionally, Microsoft provides detailed detection guidance and hunting queries for customers to identify and respond to related threats within their networks.

Jam & Tea Studios Launches AI-Driven NPCs In New Game ‘Retail Mage’ - 2

Image by RDNE Stock project, from Pexels

Jam & Tea Studios Launches AI-Driven NPCs In New Game ‘Retail Mage’

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Jam & Tea Studios , a gaming startup founded by industry veterans, announced today that it is introducing generative AI to enhance interactions with non-playable characters (NPCs) in its new game, Retail Mage, as first reported by TechCrunch .

In Retail Mage, players assume the role of a wizard working in a magical furniture store, where they can choose to assist customers or create disorder. Unlike traditional NPCs that follow scripted interactions, the AI-powered characters in Retail Mage can engage in unscripted conversations.

Additionally, the game allows for interaction with objects, AI item creation, and spontaneous activities such as playing hide-and-seek with NPCs. Furthermore, the AI enables NPCs to respond unpredictably to player actions, contributing to a more varied experience.

The use of AI in gaming is becoming more widespread, with companies like Nvidia also exploring AI-driven NPCs. Ubisoft , for example, has developed a tool called “Ghostwriter” to automate NPC dialogue in some of its games, as reported by TechCrunch.

However, the increasing reliance on AI has raised concerns within the creative community, particularly among voice actors and writers, who fear that AI could threaten jobs and creative control. These concerns recently led to a strike by SAG-AFTRA , the union representing many of these workers, against major game publishers.

Jam & Tea Studios acknowledges these concerns and states that they are taking a cautious approach to AI integration. The company emphasizes that while AI can generate dialogue and interactions, human creatives remain essential for shaping the game’s narrative and emotional impact.

“It’s especially frustrating to see so much oxygen in the room getting consumed by folks who pit AI innovations against creative folks, when there is so much potential for it to unlock new kinds of storytelling and creative expression,” said in a post M. Yichao, co-founder and chief creative officer of Jam & Tea.

He adds, “As AI gets better and better at producing content, the need and hunger for human ingenuity, creativity, and specificity will only increase. Writing naturalistic copy or creating a believable stock photo is very different from composing an experience across mediums that resonates yet surprises, that feels fresh and new, yet inviting and familiar.’’

However, the use of AI in NPCs is not without challenges. One significant issue is AI unpredictability, where NPC behavior can become erratic, leading to a frustrating player experience. Furthermore, AI systems can produce incorrect or nonsensical responses, as reported by TechCrunch.

Despite these challenges, Retail Mage demonstrates the potential for AI to create a flexible and engaging gameplay. TechCrunch notes that in one play-test, an NPC spontaneously initiated a game of hide-and-seek with the player, showcasing the possibilities of emergent behavior that AI can offer.

Retail Mage is expected to launch later this fall, with the company planning to charge $15 for the game and offer additional content for purchase. While the game itself is relatively simple, Jam & Tea Studios sees it as an early step in exploring the broader applications of AI in gaming, as reported by TechCrunch.

The startup is also working on a more complex project, tentatively named “Project Emily,” which aims to further expand on the technology introduced in Retail Mage, as noted by TechCrunch.