DailyPost 2958
LAZARUS EXPLOITS GOOGLE CHROME VULNERABILITY
To call Lazarus the al-Qaeda of cyber security would be an apt description of the manner in which they have shaken the hacking world. It is believed to be an arm of the North Korean government, proactively carrying out its agenda of cyber crime / hacking as a matter of state policy. Cyber security researchers have attributed many cyber attacks to the group since 2010, quite a few in the financial sector, the most prominent in earlier years being Tien Phong Bank and the legendary Bank of Bangladesh heist in 2016. The group has now been designated as an advanced persistent threat actor.
This rechristening is because of the intended nature, the threat and the wide array of methods used when conducting an operation. It is in this context that we can see the recent news on Lazarus, ‘Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices.’ This pertains to the zero-day exploitation of a now-patched security flaw in Google Chrome, done to gain control of infected devices. The novel attack chain was discovered by Kaspersky in May 2024, when an unnamed Russian national was found to have been compromised with the Manuscrypt backdoor.
In simple terms, the backdoor was delivered by triggering a zero-day exploit through a fake game website. The campaign was aimed at individuals from the cryptocurrency sector and is estimated to have commenced in February 2024. How are these attacks carried out? The prospective targets are approached through email or messaging platforms. They are then tricked into installing the game by attackers posing as a blockchain company. Sometimes they would also play the role of a game developer seeking investment opportunities. The exploit code abuses two vulnerabilities: the first gives read and write access to memory, and the second is abused to get around the V8 sandbox.
What is most impressive is the amount of effort put into the social engineering campaigns. The threat actors’ pattern of contacting influential figures in the cryptocurrency space to promote their malicious website tells it all. For months on end they built their social media presence with posts on X from multiple accounts. They have made a practice of promoting their game with content produced by generative AI and graphic designers. Besides X and LinkedIn, they have been leveraging specially crafted websites. Spear-phishing techniques were used as and when required to infiltrate the targets of interest. Welcome to the bold new world of APT.
IT SEEMS THAT THE ALL-ENCOMPASSING APT TECHNIQUES MAY STILL TAKE SOME TIME TO BE FULLY CHALLENGED.
Sanjay Sahay
Have a nice evening.