North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit.

Citrine Sleet targets financial institutions, focusing on cryptocurrency organizations and associated individuals, and has been previously linked to Bureau 121 of North Korea’s Reconnaissance General Bureau.