Security News > 2023 > October > MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.
The MATA version in these attacks is similar to previous versions linked to the North Korean Lazarus hacking group but with updated capabilities.
In applicable cases where the targets were Linux servers, the attackers employed a Linux variant of MATA in the form of an ELF file, which appears to be similar in functionality to the third generation of the Windows implant.
The deployment of multiple malware frameworks and MATA framework versions in a single attack is very uncommon, indicating a particularly well-resourced threat actor.
For more technical information on MATA malware and the techniques used in the latest attacks, check out Kaspersky's full report here.
News URL
Related news
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- SteelFox and Rhadamanthys Malware Use Copyright Scams, Driver Exploits to Target Victims (source)
- Cybercriminals Use Excel Exploit to Spread Fileless Remcos RAT Malware (source)
- New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)