Security Center Security News v
Lazarus Group Surfaces with Advanced Malware Framework

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Lazarus Group Surfaces with Advanced Malware Framework
tarekma7 Offline
Administrator
*******
Administrators
Posts: 19,393
Threads: 8,941
Thanks Received: 32,399 in 9,289 posts
Thanks Given: 4,308
Joined: Sep 2015
Reputation: 2,718
The EnforcerGold MemberRandomThe InfluentialThe CrownThe Researcher The WriterThe Organizer View All
#1
07-23-2020 , 10:49 PM
Quote:The North Korean APT has been using the framework, called MATA, for a number of purposes, from spying to financial gain.

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems.

Kaspersky researchers uncovered a series of attacks utilizing MATA (so-called because the malware authors themselves call their infrastructure MataNet), involving the infiltration of corporate entities around the world in a quest to steal customer databases and distribute ransomware. The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins. And according to artifacts in the code, Lazarus has been using it since spring 2018.

“Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer,” explained Kaspersky analysts, in a report issued on Wednesday. “They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time. In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes.”

As far as victimology, known organizations hit by the MATA framework have been located in Germany, India, Japan, Korea, Turkey and Poland — indicating that the attacks cast a wide net. Moreover, those victims are in various sectors, and include a software development company, an e-commerce company and an internet service provider.

“From one victim, we identified one of their intentions,” according to Kaspersky. “After deploying MATA malware and its plugins, the actor attempted to find the victim’s databases and execute several database queries to acquire customer lists. We’re not sure if they completed the exfiltration of the customer database, but it’s certain that customer databases from victims are one of their interests. In addition, MATA was used to distribute VHD ransomware to one victim.”

Continue HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Lazarus hackers use Windows Update to deploy malware Mohammad.Poorya 0 884 01-28-2022 , 05:33 AM
Last Post: Mohammad.Poorya
  Lazarus Group Tied to TFlower Ransomware Bjyda 0 2,208 03-03-2021 , 11:34 PM
Last Post: Bjyda
  Russian Hacking Group Deploys IronPython Malware Loader Bjyda 0 1,330 02-24-2021 , 11:38 PM
Last Post: Bjyda
  New BendyBear APT malware gets linked to Chinese hacking group Bjyda 0 855 02-09-2021 , 11:19 PM
Last Post: Bjyda
  Lazarus Group Hits COVID-19 Vaccine-Maker in Espionage Attack mrtrout 0 987 12-24-2020 , 06:49 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)