Eastern European energy, defense firms subjected to updated MATA attacks

Organizations in the oil and gas and defense industries across Eastern Europe were targeted from August 2022 to May 2023 by spear-phishing attacks leveraging a new iteration of the MATA backdoor framework, according to BleepingComputer. Threat actors using the backdoor framework, which has executables exploiting the CVE-2021-26411 vulnerability, were able to infiltrate the financial software servers of their targets' subsidiaries to later facilitate complete corporate network access, a report from Kaspersky showed. Attackers then targeted endpoint protection and compliance-checking security solutions to enable malware distribution, said researchers. Further examination revealed three new MATA malware versions used in the attack, the latest of which features connectivity controls, implant management functionality, and information retrieval capability. The malware was also found to support commands for network reconnaissance, file management, and remote shell execution, among others. Although MATA was previously linked to North Korea's Lazarus Group, evidence attributing the new MATA attacks to a specific threat operation remains lacking, researchers noted.
