North Korean Hackers Spotted Using New Multi-Platform Malware Framework
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with the aim of infiltrating corporate entities around the world, stealing customer databases, and distributing ransomware.
Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.
MATA plugins also allow hackers to target Linux-based diskless network devices such as routers, firewalls or IoT devices, as well as macOS systems, the latter by masquerading as a 2FA app called TinkaOTP, which is based on an open-source two-factor authentication application named MinaOTP. Once the plugins were deployed, the hackers tried to locate the compromised company's databases and execute several database queries to acquire customer details.
Kaspersky said it linked MATA to the Lazarus Group based on the unique file name format found in the orchestrator, which has been previously seen in several variants of the Manuscrypt malware.
The state-sponsored Lazarus Group has been linked to many major cyber offensives, including the Sony Pictures hack in 2014, the SWIFT banking hack in 2016, and the WannaCry ransomware infection in 2017.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/DVxmjqiYd-s/lazarus-north-korean-hackers.html