Connect with us

Hi, what are you looking for?

HEADLINES

Lazarus employs multi-platform malware framework in series of data espionage and ransomware attacks

Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer. They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time.

Kaspersky researchers have uncovered a series of attacks which use an advanced malware framework, called MATA, to target Windows, Linux and macOS operating systems. In use since spring 2018, the framework is linked to Lazarus – a well-known and prolific North Korean APT group.

Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer. They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time. 

In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes. The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins. 

According to Kaspersky researchers, the first artefacts found relating to MATA were used in or around April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world. It was utilized for a number of attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid. 

Advertisement. Scroll to continue reading.

According to Kaspersky telemetry, victims infected by the MATA framework were located in Poland, Germany, Turkey, Korea, Japan and India, indicating that the threat actor was not focusing on a specific territory. Moreover, Lazarus compromised systems in various industries, including a software development company, an e-commerce company and an internet service provider. 

Kaspersky researchers were able to link MATA to the Lazarus group, known for its operations and links to North Korea, and for cyberespionage and financially-motivated attacks. A number of researchers, including those at Kaspersky, previously reported on this group targeting banks and other large financial enterprises, including the ATMDtrack attack and AppleJeus campaigns. This latest series of attacks suggest that the actor is continuing this type of activity.

Victims_of_MATA

Victims of MATA framework are located across the world

“This series of attacks indicates that Lazarus was willing to invest significant resources into developing this toolset and widening the reach of organizations targeted – particularly in hunting for both money and data. Furthermore, writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups,” comments Seongsu Park, a senior security researcher. 

“We expect the MATA framework to be developed even further and advise organizations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected,” he adds.

In order to avoid falling victim to multi-platform malware, Kaspersky researchers recommend implementing the following measures:

Advertisement. Scroll to continue reading.
  • Install a dedicated cybersecurity product on all Windows, Linux and MacOS endpoints, such as Kaspersky Endpoint Security for Business. This will enable protection from existing and new cyberthreats and also provides a range of cybersecurity controls for each operating system  
  • Provide your SOC team with access to the latest Threat Intelligence to help them stay up to date with any new and emerging tools, techniques and tactics used by threat actors
  • Always have fresh back-up copies of business data that are quickly accessible, so you can urgently recover data that may be lost or locked due to ransomware

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement