TFlower Ransomware Delivered by Lazarus Group


Recently, the North Korea-based hacking group Lazarus (also known as Hidden Cobra) has been observed delivering the TFlower ransomware through the use of the MATA framework. While not much is known about the Lazarus Group, the cybercrime group has launched several high-profile attacks over the past few years to fulfill its financial motives, and researchers have attributed many cyberattacks to it over the last decade.

The Lazarus Group's recent campaign aims to exfiltrate data from victims using a new and so far undocumented variant of MATA together with TFlower. The key technical component here is MATA, an advanced cross-platform malware framework. Moreover, the group has leveraged multiple tools, including the MATA backdoor, to evade detection. Lazarus has operated and maintained an extensive C2 infrastructure while targeting multiple platforms, such as Windows, Linux, and macOS, during the attack.

North Korea has always been responsible for several cyberattacks. The recent connection between the Lazarus Group and the TFlower ransomware, along with the use of the advanced MATA framework, indicates that the Lazarus Group is making a serious effort to achieve its financial targets and scale these cybercrime activities by collaborating with additional crime entities, creating such entities, outsourcing its capabilities, or selling offensive tools to other groups.

By Hrithik Lall

IEMLabs is an ISO 27001:2013 and ISO 9001:2015 certified company. We are also a proud member of EC Council, NASSCOM, Data Security Council of India (DSCI), Indian Chamber of Commerce (ICC), U.S. Chamber of Commerce, and Confederation of Indian Industry (CII). The company was established in 2016 with a vision to provide Cyber Security to the digital world and make it Hack Proof. The question is, why are we suddenly talking about Cyber Security and all this stuff? With the development of technology, more and more companies are shifting their business to the Digital World, which is resulting in an increase in Cyber Crimes.
