Lazarus Exploits Chrome Zero-Day in Fake DeFi Game Heist

Red | Attack Report
Download PDF

The North Korean Lazarus hacking group has leveraged a Google Chrome zero-day vulnerability, identified as CVE-2024-4947, as part of a highly targeted campaign aimed at individuals in the cryptocurrency space. This exploitation was delivered through a fake decentralized finance (DeFi) game, designed to lure victims and compromise their systems. In one notable instance, the attackers targeted the personal computer of an unnamed Russian national, deploying the Manuscrypt backdoor to establish long-term access and facilitate further malicious activities.

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox

Cyber Horizons 2025

What Last Year’s Attacks Reveal About Today’s Risks

Watch the Webinar on-demand and get a FREE copy of our Cyber Horizons 2025 report.

Our Speakers
Speaker 1

Prateek Bhajanka Global Field CISO & Former Gartner Analyst Hive Pro Inc.

Speaker 2

Ankit Mani Manager Threat Intel HiveForce Labs

Speaker 3

Sreevani Tonipe Senior Threat Researcher HiveForce Labs