Kaspersky researchers find new hack in North Korea-linked Lazarus group

Researchers at the cybersecurity company uncovered a new attack targeting Poland, Germany, Turkey, South Korea, Japan, and India

James Spiro, 13:47, 23.07.20
Kaspersky researchers have uncovered a series of attacks linked to Lazarus, a North Korean APT group. The advanced malware framework, called MATA, targets Windows, Linux, and macOS operating systems.


According to Kaspersky telemetry, victims infected by the MATA framework were located in Poland, Germany, Turkey, South Korea, Japan, and India. The researchers deduced that the threat was not focusing on a specific territory. Lazarus compromised systems pertaining to a wide variety of industries, including e-commerce, software development, and internet service providers.


The researchers, who operate out of GReAT, Kaspersky's Global Research Team, spotted signs indicating that MATA has been deployed since April 2018. This demonstrates a significant investment from the developer that can result in numerous attacks over a long period of time.


MATA has been linked to the Lazarus Group, known for cyberespionage and suspected links to North Korea. “The malware had several artefacts and made use of two files that have unique names that were not seen at any point except for one occasion,” explained Mark Lechtik, Senior Security Researcher at GReAT, who works out of Israel. “It was a sample called Manuscrypt. Manuscrypt is attributed by the research community to Lazarus under the pseudonym Hidden Cobra.”


He explained that the usual tactic is to steal customer databases and distribute a cyberespionage campaign capable of dropping ransomware, software that is designed to block access to a computer system until a sum of money is paid to the hackers. Lechtik told CTech in an interview that Lazarus Group was previously linked to the 2014 hack of Sony Pictures before the release of the Seth Rogen film, The Interview.


“This series of attacks indicates that Lazarus was willing to invest significant resources into developing this toolset and widening the reach of organizations targeted – particularly in hunting for both money and data,” comments Seongsu Park, a senior security researcher.


To make sure your computer system is safe from cyber attacks, Lechtik advises installing a dedicated cybersecurity product on your Windows, Linux, or macOS device. It is also advisable to store all company data on hard drives in case it needs to be recovered.


“You should be most careful about the kinds of messages, invitations, or emails that you receive,” Lechtik warns. “If you have any doubt you’re seeing something unusual, just don’t follow it. Don’t open it.”


Kaspersky was founded in 1997 and today protects more than 400 million users and 250,000 corporate clients.