MATA malware framework exploits EDR in attacks on defense firms
The MATA backdoor framework, associated with the North Korean Lazarus hacking group, has been used in cyber attacks on Eastern European oil, gas and defence firms. The hackers used spear-phishing emails to trick targets into downloading malware that exploited a vulnerability in Internet Explorer. The updated framework combined a loader, a trojan, and an infostealer to gain control over targeted networks. Cybersecurity firm Kaspersky found that MATA had also been used to breach financial software servers and the corporate network of targeted organisations.
Source: www.bleepingcomputer.com