North Korean Lazarus Group Exploits Chrome Vulnerability for Cyber Attack
In a striking development in the world of cybersecurity, the notorious North Korean hacker group, known as the Lazarus Group, has been implicated in a significant cyber attack exploiting a zero-day vulnerability in Google’s Chrome browser. This exploitation involved creating a fraudulent blockchain-based game that was used to install spyware, enabling the theft of users' wallet credentials.
Details of the Cyber Attack
The game, named DeTankZone (also referred to as DeTankWar), was designed as a play-to-earn multiplayer online battle arena, where non-fungible tokens (NFTs) served as tanks in global competitions. The game was fully playable and was advertised primarily on professional networks such as LinkedIn and social media platforms like X. Users fell victim to it simply by visiting the website, even without downloading the game.
Detection and Response from Security Experts
Experts from Kaspersky Labs detected the exploit in May 2024 and promptly informed Google of the critical vulnerability in its browser. This marked the seventh zero-day vulnerability discovered in Chrome for the year, highlighting the ongoing risks associated with such incidents. Following the report, Google acted quickly, deploying a patch within 12 days. The vulnerability was attributed to a type confusion bug in the V8 JavaScript engine.
The Malware Behind the Attack: Manuscrypt
The malware utilized in this cyber assault was identified as Manuscrypt. According to Boris Larin, a principal security expert at Kaspersky, the depth of the operation suggests considerable resources and planning, indicating that the attackers have far-reaching ambitions that could impact users and businesses globally.
Involvement of Microsoft Security
Prior to Kaspersky's findings, Microsoft Security had flagged the fake game as early as February 2024. The exploit was removed from the site before Kaspersky could perform a thorough analysis, yet the laboratory's prompt notification to Google was instrumental in addressing the looming threat.
The Broader Context of Cyber Attacks by Lazarus Group
The Lazarus Group has a well-documented history of targeting cryptocurrency. From 2020 to 2023, they successfully laundered over $200 million through 25 hacks, according to crypto crime analyst ZachXBT. They were also implicated in the infamous Ronin Bridge attack, which resulted in the theft of $600 million worth of cryptocurrency in 2022, as highlighted by the US Treasury Department.
Moreover, a report by US cybersecurity firm Recorded Future noted that North Korean hackers, collectively, managed to steal over $3 billion in cryptocurrency between 2017 and 2023, underscoring the severe and ongoing threat posed by such groups.
Conclusion
The recent exploitation of the Chrome vulnerability by the Lazarus Group serves as a stark reminder of the evolving landscape of cyber threats targeting digital assets. With ongoing advancements in cyber warfare techniques, it is essential for individuals and businesses to remain vigilant and updated on security protocols to safeguard their online presence.