Recently, the North Korea-based hacking group Lazarus (also known as Hidden Cobra) has been observed delivering the TFlower ransomware through the MATA framework. While comparatively little is known about the group's internal organization, Lazarus has launched several high-profile attacks over the past few years to serve its financial motives, and researchers have attributed many cyberattacks to it over the last decade.
The recent Lazarus campaign aims to exfiltrate data from victims using new and so far undocumented variants of MATA and TFlower. The MATA malware framework is the key technical component here: it is an advanced, cross-platform malware framework, and the group has leveraged multiple tools, including the MATA backdoor, to evade detection. Lazarus has operated and maintained an extensive C2 infrastructure for this campaign while targeting multiple platforms, namely Windows, Linux, and macOS.
North Korea-linked actors have been held responsible for numerous cyberattacks. The recently established connection between the Lazarus Group and TFlower ransomware, together with the use of the advanced MATA framework, indicates that Lazarus is making a serious effort to scale its cybercrime activities and reach its financial targets, whether by collaborating with additional criminal entities, creating such entities, outsourcing its capabilities, or selling offensive tools to other groups.