Kaspersky’s Global Research and Analysis Team (GReAT) has recently shared findings about an ongoing Advanced Persistent Threat (APT) campaign attributed to the Lazarus Group, which is targeting cryptocurrency investors on a global scale.
This campaign involves the creation of a counterfeit video game website, known as “cryptogame,” designed to lure victims into financial traps. The site exploits a vulnerability in Google Chrome, enabling attackers to install spyware on users’ devices and subsequently steal sensitive financial information.
In May 2024, while analyzing data from the Kaspersky Security Network, researchers uncovered attacks leveraging Manuscrypt malware. This malicious software has been associated with the Lazarus APT Group since 2013 and has been utilized in numerous campaigns across various industries.
Kaspersky’s experts have determined that this campaign is not merely a series of cyber attacks but a carefully orchestrated operation that blends social engineering tactics with generative AI techniques, specifically targeting cryptocurrency investors. The Lazarus Group is known for its sophisticated attack strategies, frequently capitalizing on zero-day vulnerabilities to compromise cryptocurrency trading platforms.
Recent research revealed that the Lazarus hackers exploited two critical vulnerabilities in Google Chrome, including one designated CVE-2024-4947. This particular vulnerability, found in the JavaScript and WebAssembly V8 components of the Chrome browser, allows attackers to execute arbitrary malicious code, circumventing stringent security measures and facilitating malicious activities on compromised devices.
Through this exploit, attackers set up a website that impersonated the NFT Tanks video game to attract players to engage in global matches. In addition to developing a realistic game interface, the hackers implemented a comprehensive promotional strategy, creating accounts on social media platforms like X (formerly Twitter) and LinkedIn to raise awareness about the game over several months. They also utilized AI-generated imagery to bolster the website’s authenticity, leading potential victims to perceive the game as legitimate.
This integration of generative AI into APT operations highlights the evolving tactics employed by the Lazarus Group, suggesting future campaigns may increasingly utilize complex and hard-to-detect methods. Furthermore, the group has targeted influential figures in the cryptocurrency sector, leveraging their social media presence to amplify the campaign’s reach. This includes not only exploiting their likenesses for promotional purposes but also attempting direct attacks on their cryptocurrency accounts.
Mr. Boris Larin, Head of Security Researchers at Kaspersky’s GReAT, emphasized the unprecedented nature of this campaign. He noted that the attackers have circumvented traditional methods, utilizing a comprehensive gaming façade to exploit Chrome’s zero-day vulnerability. He warned that even seemingly harmless actions, such as clicking a link on social media or in an email, can result in the compromise of personal computers or entire business networks. Larin highlighted the extensive planning behind this campaign, indicating that this notorious hacker group has developed systematic and methodical approaches with the potential to impact millions of users and businesses worldwide.
