Lazarus APT’s Cyberattack on Crypto Investors Discovered by Kaspersky
The Lazarus Advanced Persistent Threat (APT) group was responsible for a sophisticated attack, recently made public by Kaspersky’s Global Research and Analysis Team (GReAT), that targeted bitcoin speculators. Lazarus, well known for its prior attacks on cryptocurrency platforms, devised a plan to take advantage of gullible cryptocurrency investors via a phoney crypto-game website, using a zero-day vulnerability in Google Chrome to gain access to the victims’ digital wallets.
Google Chrome Zero-Day Vulnerability Exploitation for Spyware Distribution
The attackers installed spyware that could access wallet credentials by exploiting a zero-day vulnerability in Google Chrome. Kaspersky presented its findings at the Security Analyst Summit 2024, showing how the attack used a flaw in Chrome to install spyware on users’ computers with ease. This attack allowed Lazarus to get past security measures and obtain crucial wallet information from its targets.
Lazarus Attack on Cryptocurrency Investors Reveals “Manuscrypt” Malware
Analysts from Kaspersky discovered activity connected to the “Manuscrypt” malware in May 2024. Lazarus has used this tool in more than 50 prior attacks across a variety of industries. The most recent attack against cryptocurrency investors, which combined generative AI with sophisticated social engineering techniques, demonstrated a new degree of aggression and sophistication in targeting this high-stakes industry.
Discovering Google Chrome’s V8 Bug and Zero-Day Exploits in Lazarus’s Approach
The Lazarus gang took advantage of two different flaws in Chrome, including a type confusion bug in V8, Google’s JavaScript and WebAssembly engine. The cybersecurity community became more vigilant after Kaspersky alerted Google to this newly discovered vulnerability, now tracked as CVE-2024-4947. By exploiting this flaw, Lazarus circumvented Chrome’s security safeguards, which allowed arbitrary code execution and widespread malware propagation across devices.
Developing Trust: Influencer Engagement and Social Media Manipulation
With the help of phoney social media profiles on sites like X (previously Twitter) and LinkedIn, the attackers created a phoney gaming website that advertised international NFT tank contests. Lazarus even worked with bitcoin influencers to spread the malware and obtain access to their followers’ cryptocurrency wallets as part of this marketing approach, which helped establish legitimacy.
Professional Views: The Scope and Complexity of Lazarus’s Assault
The remarkable scope of Lazarus’s most recent operation, which involves creating a fully playable game as a vector to exploit the Chrome zero-day vulnerability, was highlighted by Boris Larin, Principal Security Expert at Kaspersky’s GReAT. Larin emphasised the dangers of the group’s extremely well-planned and tenacious tactics by saying, “With actors like Lazarus, even seemingly harmless actions—like clicking a link—can lead to complete system compromise.”
Cybercrime Covered by a Prototype Game
Kaspersky’s further investigation showed that Lazarus had imitated a genuine game to lend its phoney version legitimacy. After the fake game went live, the group even stole $20,000 in cryptocurrency from the wallet of the real developers. This attention to detail, which included changing the logo and making other graphic tweaks, demonstrates Lazarus’s commitment to making the fraudulent game look authentic in order to fool players into trusting the fraudulent platform.
Generative AI’s Contribution to Increasing the Risk of Cyberattacks
The findings from Kaspersky highlight the increasing complexity of cyberthreats aimed at the cryptocurrency industry, especially with the use of generative AI to increase the legitimacy of fraudulent businesses. The Lazarus group’s use of artificial intelligence (AI)-generated identities and photos for social media purposes confirms the growing demand for sophisticated security measures in the IT and cryptocurrency sectors to thwart such attacks.