
Discovery of a New Malware Framework and Its Linkages with a North Korean Hacker Group

MATA Malware Framework Latest Move for North Korean Hackers


The discovery of a new malware framework, and of its links to a North Korean hacking group, has raised alarm across the security community. Kaspersky, the cybersecurity company that found it, has already alerted SOC teams to the discovery.

Referred to as "MATA," the framework has been in use since around April 2018, principally to support attacks intended to steal customer databases and distribute ransomware.

The framework gives its operators the flexibility to target Windows, Linux, and macOS, and comprises several components including a loader, an orchestrator, and plugins.

Kaspersky attributed its use to the North Korean group "Lazarus", which has long been engaged in cyber-espionage and sabotage and, by means of its Bluenoroff subgroup, in efforts to raise illicit funds for its Pyongyang masters.

The group has also been blamed for WannaCry, as well as sophisticated attacks on financial institutions including the notorious $81m raid on Bangladesh Bank. Kaspersky senior researcher Seongsu Park argued that the latest attacks linked to Lazarus show its willingness to invest serious resources in developing new malware toolsets in its pursuit of money and data.

“Furthermore, writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups,” he added.

“We expect the MATA framework to be developed even further and advise organizations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected.”

The security vendor encouraged SOC teams to access the latest threat intelligence feeds, install dedicated security software on all Windows, macOS and Linux endpoints, and to back up data regularly.

The framework appears to have been deployed in a wide variety of scenarios, targeting e-commerce firms, software developers, and ISPs across Poland, Germany, Turkey, Korea, Japan, and India.
