Yesterday, a cybersecurity company reported that North Korea’s notorious hacker group devised a fake blockchain game and successfully stole $3 billion worth of cryptocurrency from users. Kaspersky Lab said the Lazarus group exploited a critical vulnerability in the Google Chrome browser to compromise victims’ cryptocurrency wallets.
Lazarus Group: $3 Billion Crypto Heist
North Korean hackers have reportedly stolen more than $3 billion in cryptocurrencies using fake games, and the group successfully carried out this operation over a six-year period from 2016 to 2022.
The heist is fallout from Google's failure to fix a vulnerability in its Chrome browser.
Meanwhile, blockchain detectives conducting a separate investigation discovered that Lazarus Group carried out 25 hacking attacks and laundered $200 million worth of cryptocurrencies.
It was also revealed that North Korea has a network of developers working on “established” cryptocurrency projects. The network is said to receive a monthly salary of $500,000.
The market capitalization of cryptocurrencies currently stands at $2.2 trillion. Chart: TradingView
Questionable Game Plan
Kaspersky Lab analysts Vasily Berdnikov and Boris Larin reported that the Lazarus group created a fake game called "DeTankZone" or "DeTankWar" that revolves around non-fungible tokens (NFTs) and siphons off victims' cryptocurrency wallets.
Analysts revealed that hackers exploited a zero-day vulnerability in the Chrome browser.
Website appearance and hidden exploit loaders. Source: Kaspersky
Berdnikov and Larin explained that the hackers used the fake game to persuade victims to visit malicious websites, which injected malware called Manuscript into their computers.
Using Manuscript, the hackers were able to corrupt Chrome's memory, giving them everything they needed to steal the passwords, authentication tokens, and cryptocurrency of unwitting victims.
12 Days to Resolve Issue
Kaspersky Lab analysts discovered what Lazarus Group was doing in May. Berdnikov and Larin immediately brought the issue to Google’s attention so the platform could fix the vulnerability.
However, Google was not prepared to deal with zero-day vulnerability issues and took 12 days to fix the vulnerability.
Boris Larin, Kaspersky Lab's chief security expert, said the remarkable effort the hacker group has put into the aforementioned hacking campaign shows it has ambitious plans.
Larin noted that what the group has done could have a broader impact than previously thought.
Lazarus Group reminds us that the fight against hackers continues. The Chrome vulnerability highlighted the need for platforms to ensure their security measures are always up to date and vigilant against cybersecurity threats.