A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa.
“The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions,” researchers from SentinelOne said[1] in a new report.
The cybersecurity firm codenamed the group Metador in reference to a string “I am meta” in one of their malware samples and because of Spanish-language responses from the command-and-control (C2) servers.
The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims. Other hallmarks of the campaign are the limited number of intrusions and long-term access to targets.
This includes two different Windows malware platforms called metaMain and Mafalda that are expressly engineered to operate in-memory and elude detection. metaMain also acts as a conduit to deploy Mafalda, a flexible interactive implant supporting 67 commands.
metaMain, for its part, is feature-rich on its own, enabling the adversary to maintain long-term access, log keystrokes, download and upload arbitrary files, and execute shellcode.
In a sign that Mafalda is being actively maintained by its developers, the malware gained support for 13 new commands between two variants compiled in April and December 2021, adding options for credential theft, network reconnaissance, and file system manipulation.
Attack chains have further involved an unknown Linux malware that’s employed to gather information from the compromised environment and funnel it back to Mafalda. The entry vector used to facilitate the intrusions is unknown as yet.
What’s more, references in Mafalda’s internal command documentation suggest a clear separation of responsibilities between the developers and operators. Ultimately though, Metador’s attribution remains a “garbled mystery.”
“Moreover, the technical complexity of the malware and its active development suggest a well-resourced group able to acquire, maintain and extend multiple frameworks,” researchers Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, and Aleksandar Milenkoski noted.
Read more: https://thehackernews.com/2022/09/researchers-uncover-new-metador-apt.html