MATA malware framework exploits EDR in attacks on defense firms (Security News, October 2023)

An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.
The MATA version in these attacks is similar to previous versions linked to the North Korean Lazarus hacking group but with updated capabilities.
Where the targets were Linux servers, the attackers deployed a Linux variant of MATA as an ELF file, which appears to match the functionality of the third generation of the Windows implant.
The deployment of multiple malware frameworks and MATA framework versions in a single attack is very uncommon, indicating a particularly well-resourced threat actor.
For more technical information on MATA malware and the techniques used in the latest attacks, check out Kaspersky's full report here.