Updated-MATA-attacks-Eastern-Europe_full-report_ENG.pdf (2 MB)

The attacker employed a combination of loader, main trojan, and stealer infection chains similar to those used by the previous MATA cluster and updated each malware’s capabilities. The actors behind the attack used spear-phishing mails to target several victims, some were infected with Windows executable malware by downloading files through an internet browser. In both cases, security solutions were used by attackers to gather information about the targeted organization’s infrastructure and to distribute malware, as both systems have the capability to deploy and execute files remotely. In some instances, they used malware that was only capable of capturing screenshots from the user’s device.