Lazarus APT, especially its subgroup BlueNoroff, is attributed to the professional hack attacks on the financial sector, especially those related to cryptocurrencies. This North Korean-linked cyber group has conducted numerous attacks of high profile targeting organizations and businesses, and using sophisticated malware and exploits.
Three of its tools, namely Manuscrypt, Cutwail, and Turk, have made it possible for over 50 successful campaigns to take place effectively since the year 2013.
Recent Attack Campaign: An Analysis of the Detankzone Exploit
Cybersecurity analysts with Kaspersky in May 2024 pinpointed a Manuscrypt in a Russian system that originated from detankzone[.]com. Though rationalizing itself as a genuine DeFi NFT game, this site was hiding a zero-day Chrome vulnerability.
The exploit was implanted into a weakness in the V8 JavaScript engine that allows the attackers to take full control of the victim’s computer the moment they visit the site. When Kaspersky reported the case, Google immediately dealt with this critical bug and closed all related fake web pages.
Social Engineering Tactics: Social Media Identity Cloning
Adding to this, Lazarus utilized social engineering and opened fake LinkedIn and X (previously Twitter) accounts to endorse a fake game called “DeTankZone.” DeFiTankLand was another real game whose source was used to release a faithful copy of a game demo, trusting which users downloaded malware.
This blended approach emphasizes Lazarus’ flexibility in switching between technical and social approaches to overcome crypto space defenses.
A New & Evolving Danger to Crypto Investors
What is crucial for understanding this campaign is that Lazarus is still capable of evading such cutting-edge security protections using zero-day vulnerabilities along with social engineering approaches.
The event remains relevant to emphasize on the stock and alertness, updates of the applications, and the cautious tendency of the clients, who are involved in cryptocurrency investments, as the threat actors do not stop evolving and improving techniques of attacks.
