Lazarus Crypto Hacker Group Resurfaces Online

The Lazarus Group, a notorious hacker group made up of an unknown number of individuals alleged to be run by the North Korean government

The Lazarus Group, a state-sponsored North Korean hacker group, has resurfaced after months of silence. In its latest attack, the group used a fake, non-fungible token (NFT)-based game on Google Chrome to install spyware that stole crypto and NFT wallet credentials.

According to an Oct. 24 blog post by Cointelegraph, the Lazarus hacker group has resurfaced online after several months "underwater." The group began by launching a fake NFT game on Chrome that installed spyware designed to pilfer sensitive data from crypto users engaging with the fake game.

The #NorthKorean #Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. #Hacking #cybersecurityhttps://t.co/wMBJUipAq4

— Anonymous??‍⬛ (@YourAnonRiots) October 23, 2024

The Lazarus Group is a North Korean state-sponsored cyber threat group linked to the North Korean Reconnaissance General Bureau (RGB). The NKRGB is tasked with espionage, covert operations and cyber activities. Throughout its existence, the RGB has dedicated significant efforts to gathering intelligence and attempting to infiltrate crypto funds in South Korea, the United States and Japan.

The Lazarus Group gained notoriety in 2021 when it was officially named by the Federal Bureau of Investigation (FBI) as the perpetrator of a breach on Sky Mavis, the developer of the popular blockchain-based video game Axie Infinity, which resulted in the theft of digital assets worth hundreds of millions of dollars. As of December 2023, North Korean hackers had stolen over $3 billion in crypto heists.

The Lazarus hacker group strikes again in 2024

The exploit was noticed by Kaspersky Labs analysts in May and reported to Google, which fixed it several days later, as per the Cointelegraph report. The hackers launched a play-to-earn multiplayer online battle arena (MOBA) game and advertised it on LinkedIn and X. The game, which was a DeTankZone knockoff, featured NFTs used as tanks in a global competition. The fake NFT game was initially discovered and flagged by the Microsoft Security Team in February 2024.

Screenshot from Lazarus Group’s fake game. Source: SecureList

However, by the time Kaspersky planned to analyze the exploit, the North Korean hackers had already removed it from the website. Regardless, the Kaspersky Labs analysts notified Google about it, and Google patched the vulnerability in Chrome before the hackers could reuse the exploit.

In the meantime, the total number of victims affected by this breach remains unknown. Users who previously interacted with the game are advised to reset all their passwords.

Related NFT News: