addictport.blogg.se

Lazarus group mac based attack

Kaspersky researchers were able to link MATA to the Lazarus group, known for its sophisticated operations and links to North Korea, and for cyberespionage and financially-motivated attacks.

Moreover, Lazarus compromised systems in various industries, including a software development company, an e-commerce company and an internet service provider. The MATA framework was utilized for a number of attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid.

According to Kaspersky telemetry, victims infected by the MATA framework were located in Poland, Germany, Turkey, Korea, Japan and India, indicating that the threat actor was not focusing on a specific territory. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world.

The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins.

According to Kaspersky researchers, the first artefacts found relating to MATA were used in or around April 2018. In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes.

Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer. They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time.









