👽North Korean hackers stole $3 billion in cryptocurrency, and cybersecurity alarm bells are ringing!
Kaspersky Lab’s latest report revealed that North Korea’s Lazarus Group hacker group cleverly stole about $3 billion in cryptocurrency from players by creating a fake blockchain game. The report said that the group of hackers exploited a security vulnerability in the Chrome browser to carry out this carefully planned cyber theft.
Lazarus Group’s hacking activities are not a whim. They have been carrying out this illegal behavior from 2016 to 2022, and the scale of the operation is large. Not only that, they have launched a total of 25 cyber attacks, involving money laundering of up to $200 million.
In addition, the investigation also revealed the existence of a professional developer network in North Korea. This team specializes in providing services for mature cryptocurrency projects and earns up to $500,000 a month. These findings reveal the operating model of a well-organized and well-funded hacker group.
The report analysis found that the game created by Lazarus Group is called DeTankZone or DeTankWar, which revolves around NFT. They used a zero-day vulnerability in Chrome to implant a malware called "Manuscript" into the victim's computer. In this way, they can get the user's password, authentication token, and various cryptocurrencies.
Analysts also revealed the operation logic of Lazarus Group. They developed an NFT-related trap game called DeTankZone or DeTankWar, and used a zero-day vulnerability in the Chrome browser to implant a malware called "Manuscript" into the victim's computer, thereby stealing the user's password, authentication token, and various cryptocurrencies.
It is said that as early as May, Kaspersky Lab discovered this security vulnerability and quickly notified Google officials. However, Google did not seem to be prepared and took a full 12 days to fix this zero-day vulnerability.
The attack of Lazarus Group once again reminds us that we must remain highly vigilant, update software in a timely manner, and strengthen network security protection. At the same time, this incident also highlights the important role of strengthening international cooperation and legislators in formulating cybersecurity regulations. In this digital age, we need to work together to ensure the security of cyberspace.