The Latest Cyber-Attack Unveiled: Lazarus Group Targets Google Chrome with Zero-Day Exploit
Recently, the notorious Lazarus Group, along with its BlueNoroff subgroup, made headlines with a new cyber-attack that exposed a critical vulnerability in Google Chrome.
Using a zero-day exploit, the group managed to gain complete control over infected systems, adding another sophisticated campaign to their long list of activities as a North Korean-backed threat actor.
The attack came to light when Kaspersky Total Security detected the presence of the Manuscrypt malware on a personal computer in Russia. This signature Lazarus tool has been in operation since 2013, participating in over 50 documented campaigns targeting various sectors such as governments, financial institutions, and cryptocurrency platforms. What made this particular incident unique was the group’s seldom-seen direct targeting of individuals.
The Exploit Details
Further investigations revealed that the infection originated from a deceptive website, detankzone[.]com, masquerading as a legitimate decentralized finance (DeFi) game platform. Visitors were unknowingly exposed to the exploit simply by accessing the site through Chrome, lured by the promise of an NFT-based multiplayer online battle arena. However, behind the facade lay malicious code that seized control of the user’s system through the browser.
The zero-day exploit took advantage of a vulnerability in Chrome’s V8 JavaScript engine, allowing the attackers to circumvent the browser’s security measures and establish remote control over affected devices. Kaspersky researchers promptly alerted Google, which released a patch within 48 hours.
Key vulnerabilities at the core of this campaign included:
- CVE-2024-4947: A flaw in Chrome’s Maglev compiler permitting the overwriting of critical memory structures
- V8 Sandbox Bypass: Another flaw that enabled Lazarus to bypass Chrome’s memory protection features and execute arbitrary code
While Kaspersky followed responsible disclosure protocols, Microsoft initially released a report that failed to acknowledge the zero-day aspect of the attack. This prompted Kaspersky to provide additional information, stressing the urgency for users to update their browsers immediately.
As Lazarus Group continues to enhance its tactics, employing social engineering, zero-day exploits, and authentic-looking platforms, both organizations and individuals need to maintain heightened awareness.
Image credit: Alberto Garcia Guillen / Shutterstock.com