A Mysterious New Hacking Group

Uploaded on 2022-10-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Researchers from the research lab at SentinelOne have identified a new threat actor they have named Metador. Metador has infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa. It is responsible for two "extremely complex" malware platforms, but a lot about the group that remains shrouded in mystery, according to new research revealed 

This mysterious new threat group has left researchers baffled about who may be behind the campaign and where else they may be operating.

Metador uses sophisticated technical measures to deploy Windows-based malware implants and clever tricks to avoid detection, but despite months of inspecting the code, SentinelLabs researchers say there’s still no clear, reliable sense of attribution.

Researchers discovered variants of two long-standing Windows malware platforms and indications of an additional Linux implant.

The threat actor has reportedly infected a telecommunications company in the Middle East and multiple Internet service providers and universities located across the Middle East and Africa. In addition, the group may be responsible for two malware platforms described as extremely complex. Although SentinelLabs has reported this new information, most of the details concerning the group remains a mystery.

The group has been dubbed Metador due to a phrase “I am meta” that has been identified in malicious code used by the hacking group and the fact that the server messages are frequently in Spanish. 

The researchers believe that the group has been in operation since December 2020, but until now it has been able to fly under the radar and avoid detection. SentinelLabs has released a blog post and technical details concerning the two malware platforms reportedly hosted by the threat group in hopes of identifying more victims that may have been infected. These platforms are named Mafalda and metaMain, according to SentinelLabs.

Based on a few findings in the code, however, some of the operators and developers appear to speak English as their native language, others appear to speak Spanish. Additionally, build times for some of the malicious components suggest the developers may be based in the UTC+1 timezone. These include many nations, including the UK and Spain.

It is possible that Metador may be the product of a contractor working on behalf of a nation-state, as there are signs the group was highly professional. Indeed, the members may have prior experience carrying out these kinds of attacks at this level.

The group is extremely well-resourced, as shown by the technical complexity of the malware, the group's advanced operational security to evade detection and the fact that it is under active development. 

Kim Zetter:     Dark Reading:     Security Week:     Sentinel One:    Flipboard:    Oodaloop

You Might Also Read: 

Significant Growth In State-Sponsored Cyber Attacks:

 

« Lapsus$ Hit Uber
CYRIN Launches New Docker Lab »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Marsh

Marsh

Marsh is a global leader in insurance broking and risk management and has been a leader in combatting cyber threats since their emergence.

Code Dx

Code Dx

Code Dx is a software application vulnerability correlation and management system.

ISF Annual World Congress

ISF Annual World Congress

ISF Annual World Congress, our flagship global event, offers attendees an opportunity to discuss and find solutions to current security challenges.

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

Intersec Worldwide

Intersec Worldwide

Intersec Worldwide is a boutique Information Security Firm specializing in PCI Compliance, Assessment, Remediation, Forensics, Data Breach Investigations, Incident Response and IT Managed Services.

Medigate

Medigate

Medigate is a dedicated medical device security platform protecting all of the connected medical devices on health care provider networks.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Tata Consultancy Services

Tata Consultancy Services

Tata Consultancy Services is a global leader in IT services, consulting & business solutions including cyber security.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Belkasoft

Belkasoft

Belkasoft is a software vendor providing public agencies, corporate security teams, and private investigators with digital forensic solutions.

Bureau Veritas

Bureau Veritas

Bureau Veritas are a world leader in Testing, Inspection and Certification. We provide certification and training services in areas including cybersecurity and data protection.

Secure Cyber Defense

Secure Cyber Defense

Secure Cyber Defense provides expert cybersecurity consulting and managed detection and response services to companies, local government, schools and universities.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.