Saturday, February 15, 2025
HomeComputer SecurityLazarus APT Group Uses Cross-platform Malware Framework to Launch Attack Against Corporate...

Lazarus APT Group Uses Cross-platform Malware Framework to Launch Attack Against Corporate Entities

Published on

SIEM as a Service

Follow Us on Google News

Lazarus APT group believed to be run by the North Korean government, the group know to be active since 2009. The group is financially motivated and known for it’s broad & cross-platform targeting.

Researchers observed a new cross-platform malware framework used by the threat actor group to compromise various organizations in Europe and Asia recently.

MATA Malware Framework

The MATA malware framework used by threat actors from April 2018 to infiltrate corporate entities around the world.

The MATA framework consists of several frameworks the process several components such as the loader, orchestrator, and plugins.

The MATA found to be circulated in April 2018, according to Kaspersky’s research, the threat actors expanded their operations by crafting a brand-new malware framework.

The malware framework found to be used in several hacking campaigns, those target organizations operating in different sectors.

With the framework attackers able to target Windows, Linux, and macOS operating systems. Kaspersky found “several victims from our telemetry and figured out the purpose of this malware framework.”

By using MATA attackers can load additional malware, inject DLLs, manipulates files, and creates proxies on the affected network.

The Windows version of MATA is capable of loading 15 plugins at the same time and to covertly communicate with the C2 server hey employs TLS1.2 connections.

The MATA also allows hackers to scan for new targets on macOS and Linux-based machines, the plugin of Linux version and macOS version are identical.

According to Kaspersky telementary, the victims were recorded in the following countries such as Poland, Germany, Turkey, Korea, Japan, and India.

Once the attacker deployed MATA malware and its plugins, they attempted to find the victim’s databases and execute several database queries to acquire customer lists.

Kaspersky can assess that the MATA framework is linked to the Lazarus APT group. The MATA orchestrator uses two unique filenames, c_2910.cls and k_3872.cls, which have only previously been seen in several Manuscrypt variants, including the samples (0137f688436c468d43b3e50878ec1a1f) mentioned in the US-CERT publication.

The hacker group behind this advanced malware framework attack aimed to steal the customer’s database and distribute ransomware.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...