Category | Details |
---|---|
Threat Actors | Lazarus APT, BlueNoroff subgroup |
Campaign Overview | Attackers used a fake decentralized finance (DeFi) NFT-based tank game website to distribute malware. The website exploited a zero-day vulnerability in Google Chrome to gain control over the victim’s PC. |
Target Regions (Or Victims) | Government entities, diplomatic bodies, financial institutions, military contractors, cryptocurrency platforms, IT operators, gaming companies, universities, media outlets, casinos, security researchers |
Methodology | Exploit delivered via a website with a disguised game. The exploit targeted a zero-day vulnerability (CVE-2024-4947) in Google Chrome to execute remote code and gain control over the victim’s PC. |
Product Targeted | Google Chrome |
Malware Reference | Manuscrypt (backdoor malware used by Lazarus APT) |
Tools Used | TypeScript/React (for the malicious website), JavaScript (for the exploit), Google Chrome (targeted product) |
Vulnerabilities Exploited | CVE-2024-4947: Vulnerability in Chrome’s V8 compiler pipeline, allowing remote code execution by bypassing the V8 sandbox |
TTPs | Malicious website serving a game as bait, browser exploit targeting Chrome’s V8 engine, remote code execution |
Attribution | Lazarus APT, BlueNoroff subgroup (North Korea) |
Recommendations | Users should update Google Chrome to the latest version, which includes the fix for CVE-2024-4947. |
Source | Securelist by Kaspersky |
Read full article: https://securelist.com/lazarus-apt-steals-crypto-with-a-tank-game/114282/
The above summary has been generated by an AI language model