Kaspersky is alerting SOC groups to a new malware framework it has found out and joined to the notorious North Korean hacking group identified as Lazarus.
Dubbed “MATA,” the framework has evidently been in use considering that around April 2018, largely to support in attacks built to steal customer databases and distribute ransomware.
Considering the fact that that time it appears to have been deployed in a wide variety of situations, targeting e-commerce companies, computer software builders and ISPs across Poland, Germany, Turkey, Korea, Japan and India.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
The framework itself gives its controllers the adaptability to focus on Windows, Linux and macOS, and consists of quite a few elements including loader, orchestrator and plugins.
Kaspersky tied its use to the Lazarus team, which has been engaged for many years in cyber-espionage and sabotage and, via its Bluenoroff subgroup, tries to accrue illicit funds for its Pyongyang masters. The team was pegged for WannaCry, as well as subtle assaults on financial institutions which includes the notorious $81m raid of Bangladesh Lender.
Kaspersky senior researcher, Seongsu Park, argued that the hottest assaults linked to Lazarus demonstrate it is eager to make investments really serious assets to create new malware toolsets in the hunt for money and information.
“Furthermore, crafting malware for Linux and macOS programs normally suggests that the attacker feels that he has more than adequate equipment for the Windows system, which the overpowering vast majority of units are operate on. This tactic is normally located among the experienced APT groups” he included.
“We be expecting the MATA framework to be designed even even further and advise organizations to shell out a lot more consideration to the security of their details, as it remains one of the vital and most useful sources that could be afflicted.”
The security seller urged SOC teams to accessibility the newest danger intelligence feeds, install dedicated security on all Windows, macOS and Linus endpoints, and to again-up on a regular basis.