The Lazarus Group, a North Korean hacking operation also known as Hidden Cobra, is deploying TFlower Ransomware. The group has been using the MATA malware framework to deliver payloads since 2019, a report says. The MATA backdoor provides the hacking group with remote code execution capability on infected machines and performs additional tasks such as screen capture and network traffic tunneling, the report adds. It was behind the WannaCry worm, theft of $81 million from a Bangladesh bank and attack on Sony Pictures.”]
Source: https://www.databreachtoday.com/lazarus-group-tied-to-tflower-ransomware-a-16100

