A Mysterious New Hacking Group

Uploaded on 2022-10-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Researchers from the research lab at SentinelOne have identified a new threat actor they have named Metador. Metador has infected a telecommunications company in the Middle East and multiple Internet service providers and universities in the Middle East and Africa. It is responsible for two "extremely complex" malware platforms, but a lot about the group that remains shrouded in mystery, according to new research revealed 

This mysterious new threat group has left researchers baffled about who may be behind the campaign and where else they may be operating.

Metador uses sophisticated technical measures to deploy Windows-based malware implants and clever tricks to avoid detection, but despite months of inspecting the code, SentinelLabs researchers say there’s still no clear, reliable sense of attribution.

Researchers discovered variants of two long-standing Windows malware platforms and indications of an additional Linux implant.

The threat actor has reportedly infected a telecommunications company in the Middle East and multiple Internet service providers and universities located across the Middle East and Africa. In addition, the group may be responsible for two malware platforms described as extremely complex. Although SentinelLabs has reported this new information, most of the details concerning the group remains a mystery.

The group has been dubbed Metador due to a phrase “I am meta” that has been identified in malicious code used by the hacking group and the fact that the server messages are frequently in Spanish. 

The researchers believe that the group has been in operation since December 2020, but until now it has been able to fly under the radar and avoid detection. SentinelLabs has released a blog post and technical details concerning the two malware platforms reportedly hosted by the threat group in hopes of identifying more victims that may have been infected. These platforms are named Mafalda and metaMain, according to SentinelLabs.

Based on a few findings in the code, however, some of the operators and developers appear to speak English as their native language, others appear to speak Spanish. Additionally, build times for some of the malicious components suggest the developers may be based in the UTC+1 timezone. These include many nations, including the UK and Spain.

It is possible that Metador may be the product of a contractor working on behalf of a nation-state, as there are signs the group was highly professional. Indeed, the members may have prior experience carrying out these kinds of attacks at this level.

The group is extremely well-resourced, as shown by the technical complexity of the malware, the group's advanced operational security to evade detection and the fact that it is under active development. 

Kim Zetter:     Dark Reading:     Security Week:     Sentinel One:    Flipboard:    Oodaloop

You Might Also Read: 

Significant Growth In State-Sponsored Cyber Attacks:

 

« Lapsus$ Hit Uber
CYRIN Launches New Docker Lab »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Infinigate UK

Infinigate UK

Infinigate is a value-added distributor of IT security solutions to protect and defend IT networks, servers, devices, data, applications, as well as the cloud.

Social-Engineer

Social-Engineer

Social-Engineer is a team of outside–the–box thinkers that share a common focus on human-to-human social engineering.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

SQNetworks

SQNetworks

SQNetworks provides a full range of cybersecurity consultancy, services and solutions.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

Morphus Information Security

Morphus Information Security

Morphus is an information security company providing Red Team, Blue Team and GRC services as well as conducting research in cybersecurity and threat analysis.

Japan Cybersecurity Innovation Committee (JCIC)

Japan Cybersecurity Innovation Committee (JCIC)

JCIC is an independent and not-for-profit thinktank to establish a secure and safe digital society.

Voxility

Voxility

Voxility provides Infrastructure-as-a-Service in the biggest Internet hubs in the world.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

QuoIntelligence

QuoIntelligence

QuoIntelligence experts can help your team understand the evolving cyber threats and provide simple yet comprehensive recommendations so you can focus on what matters.

DatChat

DatChat

DatChat Inc. is a blockchain, cybersecurity, and social media company that focuses on protecting privacy on our devices and also protecting our information after we have shared it with others.

IN4 Group

IN4 Group

IN4 Group is a skills, innovation and start-up services provider that specialises in supporting businesses with the training, communities, networks and advice they need to scale.

Kennedys

Kennedys

Kennedys is a global law firm with expertise in litigation/dispute resolution and advisory services, particularly in the insurance/reinsurance and liability sectors, including cyber risk.

Skyhawk Security

Skyhawk Security

Skyhawk Security is the originator of Cloud threat Detection and Response (CDR), helping hundreds of users map and remediate sophisticated threats to cloud infrastructure in minutes.

itm8

itm8

itm8 is a Nordic digital transformation partner offering a wide range of services in IT operations and Cloud Services, Digital Transformation, Application Services, ERP, and Cyber Security.

INTfinity Consulting

INTfinity Consulting

The INTfinity team brings together decades of professional experience in cybersecurity. We're here to apply that same experience and proficiency in defending your networks.

403Tech Inc.

403Tech Inc.

403Tech is a Calgary based IT Solutions Provider, specializing in small & medium business.