Specialists at Kaspersky Lab have recorded a new targeted attack in Russia by the well-known North Korean hacker group Lazarus, the company said in a statement.
According to the experts, the APT (targeted attack) group Lazarus has been conducting attacks since at least the spring of 2018 using an advanced framework (a platform that defines the structure of a software system – ed.) called MATA. Its distinguishing feature is that it can compromise a device regardless of which operating system it runs: Windows, Linux or macOS.
“This month a Lazarus attack was discovered in Russia that used the Manuscrypt backdoor. This tool overlaps with MATA in its command-server logic and in the internal naming of components,” the statement said.
The company noted that multi-platform malicious tools are a rarity, since their development requires significant investment. Accordingly, they are created not for one-off use but for long-term use. This framework has been seen in attacks aimed at stealing company databases and infecting corporate networks with ransomware.
“According to Kaspersky Lab, MATA's victims are located in Poland, Germany, Turkey, South Korea, Japan and India, and include a software manufacturer, a trading company and an Internet provider,” the company's experts reported.
According to Yuri Namestnikov, head of Kaspersky Lab's Russian research center, after examining the series of attacks the company concluded that the Lazarus group is ready to invest seriously in developing its tools and is seeking victims around the world. “Typically, fraudsters create malware for Linux and macOS when they have enough tools for attacks on Windows devices. This approach is characteristic of mature APT groups,” he explained.
The expert believes that the group will continue to refine its techniques for future targeted attacks. Namestnikov reminded organizations of the need to strengthen data protection, since information remains the key and most valuable resource and is often the target of such attacks.