North Korean threat actor Citrine Sleet exploiting Chromium zero-day
2024-08-31 • Microsoft
Microsoft identified North Korean exploitation of the Chromium zero-day CVE-2024-7971 on August 19, 2024, targeting the cryptocurrency sector for financial gain. The company attributes the activity to a North Korean actor with high confidence and to Citrine Sleet with medium confidence, noting that the FudModule rootkit and related infrastructure are shared with Diamond Sleet. The attack chain directed targets to the actor-controlled domain voyagorclub.space, which served a remote code execution exploit for the V8 type confusion bug; the exploit then downloaded shellcode containing a Windows sandbox escape exploit for CVE-2024-38106 and loaded the FudModule rootkit in memory. Microsoft describes Citrine Sleet as a North Korea-based actor focused on cryptocurrency organizations and individuals, using fake trading platforms, job lures, weaponized wallet or trading apps, AppleJeus malware, and now the shared FudModule tooling.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | weinsteinfrog.com | 2024-08-31 | 2024-08-31 |