Security News > 2020 > July > Multi-Platform Malware Framework Linked to North Korean Hackers
Kaspersky's security researchers have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years.
Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.
Activity involving the MATA platform shows that the threat actor continues this type of attacks.
Analysis of the MATA orchestrator revealed unique filenames previously seen in several variants of the Manuscrypt malware family, and shares a configuration structure similar to that of Manuscrypt, which Kaspersky considered to be evidence of ties with Lazarus.
"Writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups. We expect the MATA framework to be developed even further and advise organizations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected," Seongsu Park, senior security researcher at Kaspersky, commented.
News URL
Related news
- North Korean Hackers Deploy OtterCookie Malware in Contagious Interview Campaign (source)
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)
- APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware (source)
- Radiant links $50 million crypto heist to North Korean hackers (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
- The Mask APT Resurfaces with Sophisticated Multi-Platform Malware Arsenal (source)