Kaspersky researchers have uncovered a series of attacks which use an advanced malware framework, dubbed MATA, to target Windows, Linux and macOS operating systems.
In use since spring 2018, the framework is linked to Lazarus, a well-known and prolific North Korean APT group.
Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer. They are typically deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time.
In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes. The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins.
According to Kaspersky researchers, the first artefacts found relating to MATA were used in or around April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrating corporate entities around the world. It was used for various attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid.
According to Kaspersky telemetry, victims infected by the MATA framework were located in Poland, Germany, Turkey, Korea, Japan and India, indicating that the threat actor was not focusing on a specific territory. Furthermore, Lazarus compromised systems in various industries, including a software development company, an e-commerce company and an Internet Service Provider (ISP).
Kaspersky researchers were able to link MATA to the Lazarus group, known for its sophisticated operations and links to North Korea, and for cyberespionage and financially-motivated attacks. A number of researchers, including those at Kaspersky, previously reported on this group targeting banks and other large financial enterprises, including the ATMDtrack attack and AppleJeus campaigns. This latest series of attacks suggests that the actor is continuing this type of activity.
“This series of attacks indicates that Lazarus was willing to invest significant resources into developing this toolset and widening the reach of organisations targeted – particularly in hunting for both money and data,” comments Seongsu Park, a senior security researcher at Kaspersky.
“Moreover, writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on.
“This approach is typically found among mature APT groups. We expect the MATA framework to be developed even further and advise organisations to pay extra attention to the security of their data, as it remains one of the key and most valuable resources that could be affected.”