Social engineering schemes have been leveraged by Citrine Sleet to lure targets into visiting a website that triggered the exploit, which enables not only the deployment of the rootkit but also of a shellcode for the Windows kernel privilege escalation vulnerability, tracked as CVE-2024-38106.
Article Link: Chromium zero-day leveraged by North Korean hackers | SC Media