news

Lazarus employs multi-platform malware framework in series of attacks

Kaspersky researchers have uncovered a series of attacks which use an advanced malware framework, called MATA, to target Windows, Linux and macOS operating systems. In use since spring 2018, the framework is linked to Lazarus – a well-known and prolific North Korean APT group.

Malicious toolsets used to target multiple platforms are a rare breed, as they require significant investment from the developer. They are often deployed for long-term use, which results in increased profit for the actor through numerous attacks spread over time.

In the cases discovered by Kaspersky, the MATA framework was able to target three platforms – Windows, Linux and macOS – indicating that the attackers planned to use it for multiple purposes. The framework consists of several components, such as a loader, an orchestrator (which manages and coordinates the processes once a device is infected) and plugins.

According to Kaspersky researchers, the first artefacts found relating to MATA were used in or around April 2018. Since then, the actor behind this advanced malware framework has taken an aggressive approach to infiltrate corporate entities around the world. It was utilised for a number of attacks aimed at stealing customer databases and distributing ransomware – software designed to block access to a computer system until a sum of money is paid.
LOGRHYTHM RELEASES VERSION 7.5 OF NEXTGEN SIEM PLATFORM AND NEW OPEN COLLECTOR TECHNOLOGY

LogRhythm, a company powering today’s Security Operations Centres (SOCs), has announced the launch of version 7.5 of the LogRhythm NextGen SIEM Platform as well as the inaugural release of its Open Collector technology. LogRhythm 7.5 provides enhanced analyst workflow experiences and visibility, while Open Collector simplifies the process of onboarding cloud data sources for more holistic monitoring.

“Organisations produce more data today than ever before, so security teams need comprehensive visibility across their environment,” said Sue Buck, Chief Technology Officer of LogRhythm. “But we also don’t want the amount of data needed for full visibility to ultimately overwhelm analysts. With LogRhythm 7.5, we’re making it even simpler and faster for analysts to get the precise information they need to remediate suspicious or threatening activity.”

LogRhythm 7.5 and Open Collector make it faster and easier for security analysts to detect and mitigate threats – no matter their level of experience.

“Businesses continue to accelerate their Digital Transformations and adoption of cloud services; with that comes an ever-increasing urgency to maintain visibility across hybrid and cloud-native environments,” said Rust Carter, Chief Product Officer of LogRhythm. “Our advancements with Open Collector exemplify our continued focus on delivering analytics and orchestration that simplify management of the organisation’s security posture – especially as it tackles these challenges.”
www.intelligentciso.com | Issue 29