Lazarus Group (North Korea): The North Korean threat actor Lazarus Group has been one of the most dominant hacking groups operating on behalf of North Korea. Best known for being financially motivated, the group is accused of being responsible for the 2014 attacks on Sony and for the WannaCry ransomware that affected most of the world. Researchers with Kaspersky Lab's Global Research team have identified a new malware loader framework affecting Windows, Linux and macOS devices that they have linked to the group and dubbed MATA. Components of the same malware were previously described by Qihoo 360 Netlab researchers, who called it Dacls at that time. The ransomware affected Poland, Germany, Turkey, Korea, Japan, and India.

MATA is a modular framework with several components, including a loader, an orchestrator, and multiple plugins. These plugins allow the operators to manipulate memory, run commands, manipulate files and processes, inject DLLs, and create HTTP proxies and tunnels on Windows devices. The plugins also allow the threat actor to scan for new targets from macOS and Linux systems. After the framework is in place, the Lazarus Group uses it to find databases with sensitive information and possibly exfiltrate the data; in one case the attackers held the data for ransom by deploying VHD ransomware. Kaspersky linked the ransomware to the group through its use of unique orchestrator filenames that were also used in the Manuscrypt Trojan, itself linked to the Lazarus Group.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in