22 July 20, 19:26
Quote:The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems.
Kaspersky researchers uncovered a series of attacks utilizing MATA (so-called because the malware authors themselves call their infrastructure MataNet), involving the infiltration of corporate entities around the world in a quest to steal customer databases and distribute ransomware. The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins. And according to artifacts in the code, Lazarus has been using it since spring 2018.
“Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer,” explained Kaspersky analysts, in a report issued on Wednesday. “They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time. In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes.”
As far as victimology, known organizations hit by the MATA framework have been located in Germany, India, Japan, Korea, Turkey and Poland — indicating that the attacks cast a wide net. Moreover, those victims are in various sectors, and include a software development company, an e-commerce company and an internet service provider.
Read more: https://threatpost.com/lazarus-group-adv...rk/157636/