Countering threats from North Korea

2022-03-24 Google

https://blog.google/threat-analysis-group/countering-threats-north-korea/


Google TAG reported two North Korean government-backed groups exploiting Chrome CVE-2022-0609 before and shortly after the February 2022 patch. One campaign, aligned with Operation Dream Job, targeted more than 250 people at U.S.-based news media organizations, domain registrars, web hosting providers, and software vendors, using recruiter-themed emails and spoofed job sites that served the exploit kit through hidden iframes. A second campaign, aligned with Operation AppleJeus, targeted more than 85 cryptocurrency and fintech users by compromising fintech sites and using fake cryptocurrency sites to route visitors to the same kit. The exploit chain fingerprinted browsers, served a Chrome RCE when conditions matched, encrypted stages with session-specific keys, and used safeguards such as one-time links and time-limited iframe delivery. TAG noted infrastructure overlap and indicators of a shared exploit supply chain among DPRK operators.

Indicators of Compromise

