lazarusholic

Everyday is lazarus.dayβ

Google Chrome Zero-Day Vulnerability Exploited by Lazarus Group by Using Phony DeFi Game – Active IOCs

2024-10-24, Rewterz
https://www.rewterz.com/threat-advisory/google-chrome-zero-day-vulnerability-exploited-by-lazarus-group-by-using-phony-defi-game-active-iocs
#CVE-2024-4947 #Lazarus

Severity
High
Analysis Summary
The North Korean threat group Lazarus used a phony decentralized finance (DeFi) game to target Bitcoin users and exploit a Google Chrome zero-day, CVE-2024-4947, a type confusion vulnerability in Chrome's V8 JavaScript engine.
Researchers uncovered the attacks on May 13, 2024, and reported the Chrome zero-day to Google. On May 25th, Google released Chrome version 125.0.6422.60/.61, which fixed CVE-2024-4947. The campaign began in February 2024 and came to light when researchers found a new version of the "Manuscrypt" backdoor on a Russian customer's computer.
Although Lazarus had used Manuscrypt for years, what drew the researchers' attention was the unusually broad targeting, which extended to seemingly random individuals rather than the group's usual victims. Additional telemetry revealed that the "detankzone[.]com" website was the source of the Google Chrome exploit, which was …

IoC

http://detankzone.com
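The two actionable facts on this page are the patched Chrome build (125.0.6422.60/.61) and the IoC domain. The following script, an added example rather than code from Rewterz or lazarusholic, turns them into a triage check: it flags fleet hosts whose Chrome predates the fix, scans proxy log lines for contact with detankzone[.]com or any of its subdomains, and ranks hosts by whether both conditions hold. The inventory, the log lines and their format are constructed sample data, not real telemetry.

```python
"""Triage helper for the CVE-2024-4947 / detankzone[.]com advisory.

Added example, not code from the advisory. Inventory and log lines below
are constructed sample data in an invented, space-separated proxy format.
"""
import re
from urllib.parse import urlsplit

# First Chrome build that fixes CVE-2024-4947 (stated in the advisory).
# .61 is the same release for another platform, so any build >= .60 is patched.
PATCHED_CHROME = (125, 0, 6422, 60)

# IoC exactly as the advisory lists it, in defanged form.
IOC_DOMAINS_DEFANGED = ["detankzone[.]com"]


def refang(domain: str) -> str:
    """Turn 'detankzone[.]com' into 'detankzone.com' so it can be matched."""
    return domain.replace("[.]", ".").replace("(.)", ".").lower().strip(".")


IOC_DOMAINS = {refang(d) for d in IOC_DOMAINS_DEFANGED}


def parse_version(version: str) -> tuple:
    """Parse a dotted Chrome version string into a comparable tuple of ints."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(p) for p in parts)


def chrome_is_vulnerable(version: str) -> bool:
    """True if this Chrome build predates the CVE-2024-4947 fix.

    Tuple comparison handles the four dotted fields; a truncated version
    such as '125.0.6422' compares as older than the fix and is flagged.
    """
    return parse_version(version) < PATCHED_CHROME


def host_matches_ioc(host: str) -> bool:
    """True if host is an IoC domain or a subdomain of one (not a suffix match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


# Constructed log format: <timestamp> <client-host> <method> <url> <status>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def hosts_contacting_ioc(log_lines):
    """Return {client_host: [urls]} for every line whose URL host hits an IoC."""
    hits = {}
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # unparseable line; skip rather than silently mis-attribute
        url_host = urlsplit(m["url"]).hostname or ""
        if host_matches_ioc(url_host):
            hits.setdefault(m["host"], []).append(m["url"])
    return hits


def triage(inventory, log_lines):
    """Label each host from {host: chrome_version} and the proxy log.

    'unpatched-and-contacted' means exposure, not proven exploitation:
    confirming that needs browser history and process forensics on the host.
    """
    contacted = hosts_contacting_ioc(log_lines)
    labels = {}
    for host, version in inventory.items():
        vulnerable = chrome_is_vulnerable(version)
        hit = host in contacted
        if vulnerable and hit:
            labels[host] = "unpatched-and-contacted"
        elif hit:
            labels[host] = "contacted-only"
        elif vulnerable:
            labels[host] = "unpatched-only"
        else:
            labels[host] = "clear"
    return labels


# Constructed sample data (not real telemetry).
SAMPLE_INVENTORY = {
    "host01": "124.0.6367.201",   # pre-fix build
    "host02": "125.0.6422.61",    # fixed build, second platform
    "host03": "125.0.6422.0",     # pre-fix build
    "host04": "126.0.6478.55",    # later release
}
SAMPLE_PROXY_LOG = [
    "2024-05-12T10:14:03Z host01 GET http://detankzone.com/ 200",
    "2024-05-12T10:15:11Z host02 GET https://www.detankzone.com/game.html 200",
    "2024-05-12T10:16:00Z host03 GET https://example.org/ 200",
    "2024-05-12T10:17:45Z host04 GET http://notdetankzone.com/ 200",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for host, label in sorted(triage(SAMPLE_INVENTORY, SAMPLE_PROXY_LOG).items()):
        print(f"{host}: {label}")
```

The subdomain check deliberately requires a leading dot, so a look-alike such as notdetankzone.com does not match; the unparseable log line is skipped rather than attributed to a host. Treat "unpatched-and-contacted" as a reason to pull the host for forensic review, not as confirmation that the V8 exploit ran.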