Eastern European Energy and Defense Firms Face Targeted Attacks with MATA Backdoor
Vulnerability Has a 7.5 Out of 10 Severity Score
A recent study conducted by cybersecurity firm Kaspersky has revealed that numerous oil, gas, and defense companies in Eastern Europe have fallen victim to a sophisticated cyberattack campaign involving an updated version of the MATA backdoor framework, The Record reported on Thursday, October 19.
While the previous version of MATA was associated with the North Korean hacker group Lazarus, researchers have not directly linked the latest attacks to the group. However, they have identified a significant clue that suggests the involvement of a developer familiar with Korean or working in a Korean environment.
The campaign, which spanned from August 2022 to May 2023, relied on phishing emails to deceive targeted individuals into downloading malware that exploited a vulnerability in Internet Explorer. This vulnerability, known as CVE-2021-26411, holds a severity score of 7.5 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. Interestingly, the Lazarus group had previously utilized this vulnerability in their campaign against security researchers.
To make their phishing emails appear genuine, the attackers masqueraded as authentic employees of the targeted organizations, indicating that they conducted thorough research before launching their attacks. The emails contained malicious documents unrelated to the businesses, with the text sourced from third-party websites on the internet. Kaspersky noted that Lazarus had previously employed this tactic during their attacks on defense industry facilities in 2020.
While the attackers used tools and tactics similar to those seen in previous MATA attacks, they also introduced improved malware capabilities. Researchers identified three new generations of the MATA malware, some built on earlier versions and others rewritten from scratch.
These advances gave the attackers greater ability to infiltrate and compromise targeted systems.
Protecting energy and defense firms from such cyber threats is of paramount importance, considering the potential consequences of a successful attack. Organizations must remain vigilant and implement robust cybersecurity measures.
Regular employee training sessions on identifying and avoiding phishing emails can significantly reduce the risk of falling victim to such attacks. Additionally, keeping software and systems up to date with the latest patches and security updates can help mitigate the exploitation of known vulnerabilities.
The identification of this latest cyberattack campaign targeting Eastern European energy and defense firms underscores the evolving nature of cyber threats. As hackers continue to refine their techniques and exploit vulnerabilities, cybersecurity experts urge organizations to stay one step ahead by proactively addressing and strengthening their cybersecurity defenses.
By doing so, they can mitigate the risks associated with these targeted attacks and safeguard their valuable data and systems from malicious actors.