Lazarus Attackers Turn to the IT Supply Chain (Security News, October 2021)
Lazarus - a North Korean advanced persistent threat group - is working on launching cyberespionage-focused attacks on supply chains with its multi-platform MATA framework.
The MATA malware framework can target three operating systems: Windows, Linux and macOS. MATA has historically been used to steal customer databases and to spread ransomware in various industries, but in June, Kaspersky researchers tracked Lazarus using MATA for cyber-espionage.
"The actor delivered a Trojanized version of an application known to be used by their victim of choice - a well-known Lazarus characteristic," they wrote in Kaspersky's latest quarterly threat intelligence report, released on Tuesday.
The U.S. Cybersecurity and Infrastructure Security Agency sent out an alert about BlindingCan in August 2020, warning that Hidden Cobra - another name for Lazarus, and the term the U.S. uses in general for malicious cyber activity by the North Korean government - was using BlindingCan to siphon intelligence out of military and energy outfits.
As part of the infection chain against the Latvian asset-monitoring tool vendor, Lazarus used a downloader named Racket that the threat actors signed with a stolen certificate.
Ariel Jungheit, senior security researcher for Kaspersky's Global Research and Analysis Team, said in the summary that the recent discoveries show that Lazarus is still keen on infiltrating the defense industry, but it's also looking to expand into supply-chain attacks.