A recent cyber-attack carried out by the infamous Lazarus Group, together with its BlueNoroff subgroup, has exposed a previously unknown vulnerability in Google Chrome. The attack used a zero-day exploit to gain full control over infected systems, demonstrating the group's advanced tradecraft.
The discovery of this campaign came to light when Kaspersky Total Security detected the presence of the Manuscrypt malware on a personal computer in Russia. Manuscrypt, a tool commonly associated with Lazarus, has been utilized in numerous campaigns dating back to 2013, targeting various entities such as governments, financial institutions, and cryptocurrency platforms. What made this particular incident unique was the fact that Lazarus typically focuses on larger targets rather than individual users.
The zero-day exploit used in this attack targeted Chrome's V8 JavaScript engine. Visiting a fraudulent website posing as a legitimate decentralized finance (DeFi) game platform was enough to trigger the exploit without the user's knowledge. The malicious code embedded in the site allowed the attackers to bypass Chrome's security measures and ultimately gain remote control over the compromised devices.
The attack chained two vulnerabilities: CVE-2024-4947, a flaw in V8's Maglev compiler, and a V8 sandbox bypass that let Lazarus execute arbitrary code by circumventing Chrome's memory protection mechanisms. Kaspersky promptly reported both issues to Google, which released a patch within a short timeframe.
While Kaspersky followed responsible disclosure practices, Microsoft reportedly published a related report that did not address the zero-day aspect of the attack. This discrepancy underscored the urgency for users to update their browsers immediately to reduce the risk of falling victim to similar exploits.
As Lazarus continues to evolve its tactics, combining social engineering, zero-day exploits, and legitimate-looking platforms in its campaigns, organizations and individuals alike need to remain vigilant. Staying informed about current threats and applying software updates promptly are essential steps in defending against such attacks.
Overall, the incident serves as a reminder of the ever-present threat posed by sophisticated threat actors and the importance of proactive cybersecurity measures in today’s digital landscape.