Security News > 2020 > July > Multi-Platform Malware Framework Linked to North Korean Hackers

Kaspersky's security researchers have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years.

Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.

Activity involving the MATA platform shows that the threat actor continues this type of attacks.

Analysis of the MATA orchestrator revealed unique filenames previously seen in several variants of the Manuscrypt malware family, and shares a configuration structure similar to that of Manuscrypt, which Kaspersky considered to be evidence of ties with Lazarus.

"Writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups. We expect the MATA framework to be developed even further and advise organizations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected," Seongsu Park, senior security researcher at Kaspersky, commented.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/DwiTvP6_0dw/multi-platform-malware-framework-linked-north-korean-hackers