Updated MATA attacks industrial companies in Eastern Europe
SecureList
OCTOBER 18, 2023
Using a vulnerability in a legitimate driver and a rootkit, they interfered with the antivirus, intercepted user credentials (many of which were cached on the terminal server, including accounts with administrator privileges on many systems), and began actively moving around the network. The last one we named MATA gen.5.