
Lazarus Group Surfaces with Advanced Malware Framework
2020-07-22 16:43

The North Korea-linked APT known as Lazarus Group has debuted an advanced, multipurpose malware framework, called MATA, to target Windows, Linux and macOS operating systems.

In terms of victimology, known organizations hit by the MATA framework are located in Germany, India, Japan, Korea, Turkey and Poland - indicating that the attacks cast a wide net.

"After deploying MATA malware and its plugins, the actor attempted to find the victim's databases and execute several database queries to acquire customer lists. We're not sure if they completed the exfiltration of the customer database, but it's certain that customer databases from victims are one of their interests. In addition, MATA was used to distribute VHD ransomware to one victim."

The Windows version of MATA consists of several components, according to the firm. Most notably, there is a loader, which is used to load an encrypted next-stage payload, and the payload itself, which is likely the orchestrator malware.

Kaspersky has linked the MATA framework to the Lazarus APT group through two unique file names found in the orchestrators: c_2910.cls and k_3872.cls, which have only previously been seen in several variants of the Manuscrypt malware, a known Lazarus tool.


News URL

https://threatpost.com/lazarus-group-advanced-malware-framework/157636/