Latest Campaign Sees Lazarus Group Utilizing Chrome Zero-Day Bug

Published:

spot_img

North Korea’s Lazarus Group Strikes with Elaborate Crypto Theft Campaign

In the world of cybersecurity, the Lazarus Group is a name that strikes fear into the hearts of many. This notorious group, believed to be state-sponsored by North Korea, has once again reared its head in a sophisticated new campaign aimed at stealing from cryptocurrency users worldwide.

Using a combination of tactics that include a fake game website, a now-patched Chrome zero-day bug, professional LinkedIn accounts, AI-generated images, and social engineering tricks, the Lazarus Group has set its sights on unsuspecting victims in the cryptocurrency space. The group’s latest scheme involves a malware-infected crypto game site called detankzone.com, which lures users in with the promise of a multiplayer online tank game based on NFTs.

Kaspersky researchers have uncovered the elaborate nature of this campaign, which includes the use of exploit code for two Chrome vulnerabilities. One of these vulnerabilities, identified as CVE-2024-4947, was a zero-day bug in Chrome’s V8 browser engine that allowed the attackers to execute arbitrary code within a browser sandbox. Although Google has since patched this vulnerability, the Lazarus Group’s ability to exploit such flaws highlights the ongoing threat posed by this group.

Despite their nefarious activities, the Lazarus Group’s actions are believed to be driven by a desire to generate revenue for the North Korean government’s missile program. With a track record that includes high-profile attacks like the WannaCry ransomware outbreak and the $81 million heist at the Bank of Bangladesh, it is clear that this group poses a significant threat to both individuals and organizations involved in the cryptocurrency industry. As cybersecurity experts continue to uncover and combat their schemes, it is crucial for users to remain vigilant and stay informed about the latest cybersecurity threats.

spot_img

Related articles

Recent articles

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud In a troubling incident from Kanpur, a woman has reportedly fallen victim to a...

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards Cairo: Valu, a prominent financial technology firm in the Middle East and North...

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw Researchers from Ledger's Donjon security team have uncovered a significant vulnerability in Tangem crypto wallet...

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate In a significant escalation of international crime enforcement, the United...