A Mysterious New Hacking Group

Uploaded on 2022-10-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Researchers from the research lab at SentinelOne have identified a new threat actor they have named Metador. Metador has infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa. It is responsible for two "extremely complex" malware platforms, but a lot about the group that remains shrouded in mystery, according to new research revealed 

This mysterious new threat group has left researchers baffled about who may be behind the campaign and where else they may be operating.

Metador uses sophisticated technical measures to deploy Windows-based malware implants and clever tricks to avoid detection, but despite months of inspecting the code, SentinelLabs researchers say there’s still no clear, reliable sense of attribution.

Researchers discovered variants of two long-standing Windows malware platforms and indications of an additional Linux implant.

The threat actor has reportedly infected a telecommunications company in the Middle East and multiple Internet service providers and universities located across the Middle East and Africa. In addition, the group may be responsible for two malware platforms described as extremely complex. Although SentinelLabs has reported this new information, most of the details concerning the group remains a mystery.

The group has been dubbed Metador due to a phrase “I am meta” that has been identified in malicious code used by the hacking group and the fact that the server messages are frequently in Spanish. 

The researchers believe that the group has been in operation since December 2020, but until now it has been able to fly under the radar and avoid detection. SentinelLabs has released a blog post and technical details concerning the two malware platforms reportedly hosted by the threat group in hopes of identifying more victims that may have been infected. These platforms are named Mafalda and metaMain, according to SentinelLabs.

Based on a few findings in the code, however, some of the operators and developers appear to speak English as their native language, others appear to speak Spanish. Additionally, build times for some of the malicious components suggest the developers may be based in the UTC+1 timezone. These include many nations, including the UK and Spain.

It is possible that Metador may be the product of a contractor working on behalf of a nation-state, as there are signs the group was highly professional. Indeed, the members may have prior experience carrying out these kinds of attacks at this level.

The group is extremely well-resourced, as shown by the technical complexity of the malware, the group's advanced operational security to evade detection and the fact that it is under active development. 

Kim Zetter:     Dark Reading:     Security Week:     Sentinel One:    Flipboard:    Oodaloop

You Might Also Read: 

Significant Growth In State-Sponsored Cyber Attacks:

 

« Lapsus$ Hit Uber
CYRIN Launches New Docker Lab »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

BH Consulting

BH Consulting

BH Consulting we are a vendor independent consulting firm providing market leading range of information security services focused on data protection and cybersecurity.

Mellanox Technologies

Mellanox Technologies

Mellanox Technologies is a leading supplier of end-to-end Ethernet and InfiniBand intelligent interconnect solutions and services for servers, storage, and hyper-converged infrastructure.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

ThetaRay

ThetaRay

ThetaRay’s solution for Industrial cyber security protects against unknown cyber-attacks that target industry and critical infrastructure.

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

Telecom Information Sharing and Analysis Center Japan (T-ISAC Japan)

T-ISAC Japan coordinates information sharing and activities related to ISP/telecommunications network security in Japan.

GreyCortex

GreyCortex

GreyCortex uses advanced artificial intelligence, machine learning, and data mining methods to help organizations make their IT operations secure and reliable.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

VISTA InfoSec

VISTA InfoSec

VISTA InfoSec is a global Information Security Consulting firm with offices based in US, UK, Singapore and India.

Diligent

Diligent

Diligent's SaaS GRC platform gives leaders a connected view of governance, risk, compliance and ESG across their organization.

Mondoo

Mondoo

Mondoo is a powerful security, compliance, and asset inventory tool that helps businesses identify vulnerabilities, track lost assets, and ensure policy compliance across their entire infrastructure.

Scality

Scality

Scality storage unifies data management from edge to core to cloud. Our market-leading file and object storage software protects data on-premises and in hybrid and multi-cloud environments.

Qi An Xin (QAX)

Qi An Xin (QAX)

QAX is a listed company based in China, and a leader in cybersecurity industry, providing new generation enterprise-level and national-level cybersecurity solutions.

C/side (cside)

C/side (cside)

At c/side, we're creating the ultimate delivery, performance and detection mechanism for browser-side fetched 3rd party Javascript.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

Tech Data

Tech Data

Tech Data, a TD Synnex company, is a leading global distributor and solutions aggregator for the IT ecosystem.

ReformIT

ReformIT

ReformIT is a Managed IT Service and Security provider with many years experience helping companies find the right IT solutions to meet the needs of their businesses.