Security News > 2023 > October > MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.
The MATA version in these attacks is similar to previous versions linked to the North Korean Lazarus hacking group but with updated capabilities.
In applicable cases where the targets were Linux servers, the attackers employed a Linux variant of MATA in the form of an ELF file, which appears to be similar in functionality to the third generation of the Windows implant.
The deployment of multiple malware frameworks and MATA framework versions in a single attack is very uncommon, indicating a particularly well-resourced threat actor.
For more technical information on MATA malware and the techniques used in the latest attacks, check out Kaspersky's full report here.
- Mirai DDoS malware variant expands targets with 13 router exploits (source)
- Endpoint malware attacks decline as campaigns spread wider (source)
- Pro-Russia group exploits Roundcube zero-day in attacks on European government emails (source)
- Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks (source)
- Record-Breaking 100 Million RPS DDoS Attack Exploits HTTP/2 Rapid Reset Flaw (source)
- StripedFly malware framework infects 1 million Windows, Linux hosts (source)
- Side channel attacks take bite out of Apple silicon with iLeakage exploit (source)
- EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub (source)
- New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks (source)
- Hackers exploit recent F5 BIG-IP flaws in stealthy attacks (source)