As a researcher who has spent years studying cybersecurity threats and their implications, I find it alarming yet unsurprising to witness the Lazarus Group’s continued exploitation of zero-day vulnerabilities, particularly in widely used software like Google Chrome. Having seen the devastating effects of such attacks on numerous occasions, I can’t help but feel a sense of deja vu when reading about these incidents.
Once more, the cybercriminal group from North Korea known as Lazarus Group has gained notoriety by taking advantage of an unpatched flaw (zero-day vulnerability) in Google’s Chrome web browser. This action presents a considerable risk to individuals who use cryptocurrencies.
The notorious gang, recognized for carrying out significant cryptocurrency heists, leveraged a vulnerability to plant surveillance software onto their targets’ devices, thereby stealing access details to cryptocurrency wallets.
Kaspersky Team Detects Exploit
Researchers from Kaspersky Labs discovered that the cybercriminal group known as Lazarus Group disguised an aggressive attack behind a supposed play-to-earn blockchain game named DeTankZone (or DeTankWar). This multiplayer online battle arena game, where non-fungible tokens (NFTs) served as tanks, was marketed on social media networks such as LinkedIn and X (previously Twitter). Despite its legitimate appearance, the game concealed a malicious script in its code that targeted a Chrome vulnerability. A simple visit to the site would initiate the infection, granting attackers complete control over the user’s device.
As an analyst, I’ve come across some interesting findings regarding a cyber threat that surfaced on May 13, 2024. This was when my security systems identified a Manuscrypt infection in a Russian individual’s computer. Recognizing its potential danger, I promptly reported this exploit to Google, who responded admirably by swiftly patching the underlying vulnerability.
High-Stakes Cyber Campaign
Kaspersky Lab’s primary security specialist, Boris Larin, commented on the grandeur and intensity of this cyberattack, expressing his thoughts on its magnitude.
Reflecting on the considerable resources poured into this campaign, it’s evident that lofty aspirations were at play. The potential reach of these efforts could stretch far and wide, influencing not just individual users globally, but also impacting businesses on a large scale.
Lazarus Group’s approach involved leveraging a hidden flaw in software (referred to as a zero-day vulnerability), which the software developers were not aware of while it was being exploited. This was the seventh such vulnerability found in Chrome during 2024, indicating that cybercriminals are increasingly concentrating on attacking popular browsers with their attacks.
Google’s Response and Broader Implications
Google acted swiftly by fixing the vulnerability in just 12 days, as well as taking extra precautions such as banning the DeTankZone site and others connected with the campaign. Now, users trying to access these sites receive a warning about their dangerous nature, regardless of whether they’re using Kaspersky software or not.
The increasing occurrence of zero-day attacks, like those carried out by the Lazarus Group, underscores an escalating security issue. Zero-day weaknesses are especially threatening because they remain unaddressed for a duration, rendering even the most recently updated systems susceptible. This type of attack bears resemblance to another exploit that happened earlier in 2024, when yet another North Korean hacking group took advantage of a distinct Chrome vulnerability to focus on cryptocurrency holders.
Read More
Sorry. No data so far.
2024-10-24 16:05