Security News > 2023 > October > MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
The updated MATA framework combines a loader, a main trojan, and an infostealer to backdoor and gain persistence in targeted networks.
The MATA version in these attacks is similar to previous versions linked to the North Korean Lazarus hacking group but with updated capabilities.
In applicable cases where the targets were Linux servers, the attackers employed a Linux variant of MATA in the form of an ELF file, which appears to be similar in functionality to the third generation of the Windows implant.
The deployment of multiple malware frameworks and MATA framework versions in a single attack is very uncommon, indicating a particularly well-resourced threat actor.
For more technical information on MATA malware and the techniques used in the latest attacks, check out Kaspersky's full report here.
News URL
Related news
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks (source)
- New BunnyLoader Malware Variant Surfaces with Modular Attack Features (source)
- Exploit released for Fortinet RCE bug used in attacks, patch now (source)
- Over 100 US and EU orgs targeted in StrelaStealer malware attacks (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Hackers Hit Indian Defense, Energy Sectors with Malware Posing as Air Force Invite (source)