
Lazarus APT Group Enters the Supply Chain Attack Game | Cyware Alerts

The North Korea-linked Lazarus APT group is active again, and this time it is targeting the IT supply chain. The threat actor is using a multi-platform malware framework, known as the MATA framework, along with a new variant of the DeathNote malware.

What has happened?

Kaspersky has reported that Lazarus APT is building supply chain attack capabilities with an updated DeathNote malware cluster.

The malware, which is an updated variant of the BlindingCan RAT, has been used to target a number of IT companies.

  • In one of the incidents, the group targeted a South Korean security software product to build an infection chain aimed at a think tank.
  • In another attack, an asset monitoring solutions developer based in Latvia was targeted.
  • In addition, the attackers use a Racket downloader (signed with a stolen certificate) in the infection chain.
  • The group compromised exposed web servers and deployed scripts to control the malicious implants.

This is the first time that Lazarus has carried out an IT supply chain attack. Lazarus has used an updated MATA framework for this campaign, implying its exclusive interest in this framework.

Lazarus MATA relationship analysis

  • The current version appears to be an enhanced version of the MATA framework, which uses stolen but legitimate digital certificates to sign a few of its components.
  • Several months ago, Lazarus used MATA to target sensitive data in the defense industry.
  • Previously, MATA infrastructure has also been used for dropping ransomware payloads.
  • In fact, the downloader malware fetching MATA shows a connection to TangoDaiwbo, which was previously associated with the Lazarus group.

Lazarus APT has joined the list of threat groups using supply chain attacks. The use of sophisticated tools such as MATA indicates that this threat actor may be trying to take the threat of supply chain attacks to the next level. Therefore, organizations should stay alert and focus their defense efforts on such threats.
