Security News
Kaspersky's security researchers have identified a multi-platform malware framework that they believe North Korea-linked hackers have been leveraging in attacks over the past couple of years. Called MATA, the platform appears to have been in use since spring 2018 to target computers running Windows, Linux, and macOS. The framework, which consists of components such as a loader, an orchestrator, and plugins, is believed to be linked to the prolific North Korean hacking group Lazarus.
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.
Lazarus Group, the notorious hacking group with ties to the North Korean regime, has unleashed a new multi-platform malware framework with an aim to infiltrate corporate entities around the world, steal customer databases, and distribute ransomware. Capable of targeting Windows, Linux, and macOS operating systems, the MATA malware framework - so-called because of the authors' reference to the infrastructure as "MataNet" - comes with a wide range of features designed to carry out a variety of malicious activities on infected machines.
US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. The first of the new malware variants, COPPERHEDGE, is described as a Remote Access Tool "Used by advanced persistent threat cyber actors in the targeting of cryptocurrency exchanges and related entities."
Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Defense.
Yesterday, on the 3rd anniversary of the infamous global WannaCry ransomware outbreak for which North Korea was blamed, the U.S. government released information about three new malware strains used by state-sponsored North Korean hackers. Called COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH, the malware variants are capable of remote reconnaissance and exfiltration of sensitive information from target systems, according to a joint advisory released by the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Defense.
The United States Cyber Command has uploaded five malware samples to VirusTotal total today, which it has attributed to the North Korean threat group Lazarus. Since November 2018, USCYBERCOM has shared numerous malware samples as part of a project started by its Cyber National Mission Force, including malicious files attributed to nation states from North Korea, Russia, and Iran.
North Korea-linked hacking group Lazarus has been leveraging a Mac variant of the Dacls Remote Access Trojan, Malwarebytes reports. Last year, security researchers identified at least two macOS-targeting malware families used by Lazarus in attacks, and a new one appears to have been added to their arsenal: a Mac variant of the Linux-based Dacls RAT. Initially identified by security researchers with Qihoo 360 NetLab in December 2019, the Dacls backdoor targeted both Windows and Linux systems.
Know anything about North Korean hackers and their activities in cyberspace, past or ongoing? North Korean cyber actors are allegedly behind extortion campaigns, including both ransomware and mobster-like protection rackets.
Threat actors working for North Korea have also been hired by others to hack websites and extort targets, the U.S. government says in a new cyber alert. A joint advisory published on Wednesday by the U.S. Department of State, the Department of Treasury, the DHS, and the FBI provides guidance on the North Korean cyber threat and summarizes associated activities.