"Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies"

As part of a cyber espionage operation between August 2022 and May 2023, an updated version of a sophisticated backdoor framework called MATA was used in attacks against more than a dozen Eastern European companies in the oil and gas sector and the defense industry. The threat actors behind the attack used spear-phishing emails to target several victims, some of whom were infected with Windows executable malware by downloading files. Researchers say each phishing document has an external link to fetch a remote page containing a CVE-2021-26411 exploit. CVE-2021-26411 is a memory corruption vulnerability in Internet Explorer that could be exploited to execute arbitrary code by tricking a user into visiting a specially crafted website. The Lazarus Group previously exploited it against security researchers in early 2021. The cross-platform MATA framework was first documented in July 2020 and attributed to the prolific North Korean state-sponsored group, in attacks against various sectors in Poland, Germany, Turkey, Korea, Japan, and India since April 2018. This article continues to discuss the updated version of the sophisticated backdoor framework.

THN reports "Sophisticated MATA Framework Strikes Eastern European Oil and Gas Companies"

Submitted by grigby1

Submitted by Gregory Rigby