Hackers linked to North Korean APT (Advanced Persistent Threat) are found to be using an advanced malware framework called MATA to use Windows, Linux and Mac Operating Systems.
Cyber security experts say India is among the top victims of this novel attack. Other victims are located in Poland, Germany, Turkey, Korea and Japan.
The MATA framework consists of a loader, an orchestrator (which manages and coordinates the processes once a device is compromised) and plugins.
Cyber security experts point out that it’s among the rare tool sets that target multiple platforms. “It is a rare bread as they require significant investment from the developer to develop such tools. It is used over longer periods as they accrue benefits throughout,”a cyber security experts said .
The first of the MATA attacks were April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world, cyber security solutions firm Kaspersky has said.
“It was utilised for a number of attacks aimed at stealing customer databases and distributing ransomware,” it said.
Kaspersky researchers were able to link MATA to the Lazarus group, known for its sophisticated operations and links to North Korea, and for cyber espionage and financially-motivated attacks. This group had a history of targeting banks and financial institutions.
“We expect the MATA framework to be developed even further and advise organisations to pay more attention to the security of their data,” Seongsu Park, a senior security researcher at Kaspersky, said.
To protect their systems, organisations should install a dedicated cyber security product on all Windows, Linux and MacOS endpoints (devices). The security team should have access to the latest Threat Intelligence to help them stay up to date with any new and emerging tools, techniques and tactics used by the hackers.
“You should have fresh back-up copies of business data. It will help you recover data that may be lost or locked due to ransomware,” the Kaspersky executive said.