MATA malware framework exploits EDR in attacks on defense firms
The MATA backdoor framework, linked to the North Korean Lazarus hacking group, was used in attacks on oil, gas, and defense firms in Eastern Europe between August 2022 and May 2023. Using spear-phishing emails, the hackers targeted a vulnerability in Internet Explorer (CVE-2021-26411), then spread malware across the corporate network by exploiting security compliance solutions. The attack enabled surveillance of the corporate infrastructure and disseminated malware to subsidiaries. Kaspersky discovered three new versions of the MATA malware with advanced remote control capabilities and the ability to bypass endpoint security tools.
Source: www.bleepingcomputer.com