Hackers are targeting Windows, Linux and macOS operating systems using an advanced malware framework, called MATA, according to researchers at Kaspersky.

Researchers at the cyber-security firm believe that the framework has been in use since 2018 and is linked to Lazarus, a well-known North Korean threat actor.

“Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer,” the report said.

Such tools are deployed in a way that attackers can leverage them over a long period of time.

In the series of cyber-attacks discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS.

According to the report, the framework had several components, such as “a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins.”

“The actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world. It was utilised for a number of attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid,” Kaspersky said.

Attackers have targeted people in Poland, Germany, Turkey, Korea, Japan and India. Industries such as a software development company, an e-commerce company and an internet service provider were targeted.

“Kaspersky researchers were able to link MATA to the Lazarus group, known for its sophisticated operations and links to North Korea, and for cyber-espionage and financially-motivated attacks,” it said.

“This series of attacks indicates that Lazarus was willing to invest significant resources into developing this toolset and widening the reach of organisations targeted – particularly in hunting for both money and data. Furthermore, writing malware for Linux and macOS systems often indicates that the attacker feels that he has more than enough tools for the Windows platform, which the overwhelming majority of devices are run on. This approach is typically found among mature APT groups,” said Seongsu Park, a senior security researcher. “We expect the MATA framework to be developed even further and advise organisations to pay more attention to the security of their data, as it remains one of the key and most valuable resources that could be affected.”

comment COMMENT NOW