A sophisticated cyber campaign orchestrated by North Korea’s notorious Lazarus Group has been uncovered, utilizing a fake game website, a patched Chrome zero-day bug, professional LinkedIn accounts, AI-generated images, and other deceptive tactics aimed at stealing from cryptocurrency users worldwide.
The elaborate scheme began in February, with the group employing multiple X accounts and manipulating cryptocurrency influencers to promote their malware-infected crypto game site.
Elaborate Campaign
Researchers at Kaspersky, who discovered the latest campaign, emphasized the persistent threat Lazarus poses to the cryptocurrency industry. The group’s utilization of generative AI signals a concerning evolution in their attack methods.
While the Lazarus group may not be as widely recognized as other cyber threat actors, their involvement in high-profile incidents like the WannaCry ransomware attack and the Bank of Bangladesh heist underscores their dangerous capabilities.
Analysts believe that Lazarus’ financially motivated attacks are aimed at supporting the North Korean government’s missile program through illicit means, including ransomware and cryptocurrency theft.
In their latest campaign, Lazarus has refined their social engineering tactics, luring victims to a fake product page for an NFT-based multiplayer tank game. The group used stolen source code to create the deceptive site.
A Chrome Zero-Day and a Second Bug
Kaspersky’s investigation revealed that the fake website exploited two Chrome vulnerabilities, including a zero-day bug (CVE-2024-4947) in Chrome’s V8 engine. Google addressed this critical flaw in May after being alerted by Kaspersky.
Another undisclosed Chrome vulnerability allowed Lazarus to escape the browser sandbox and deploy malicious payloads on compromised systems, including the Manuscrypt backdoor.
The Lazarus Group’s social engineering efforts in this campaign were particularly notable, leveraging fake accounts, AI-generated content, and cryptocurrency influencers to lend credibility to their scheme.
The attackers’ use of deception and manipulation underscores the ongoing threat posed by Lazarus Group and the need for heightened awareness and security measures in the cryptocurrency space.