New Metador APT Discovered Targeting ISPs, Telcos | Decipher

2022-09-22 20:00:07

PHOENIX–Researchers have identified a previously unknown, high-level attack group that has compromised telcos, universities, ISPs, and other organizations across the Middle East and Africa using custom malware platforms and tools that have been in play for many years. It’s not clear yet where the group originates from, or whether it is affiliated with a government or is a private actor.

The group has been operating for some time, but researchers at SentinelLabs only recently discovered its activities while investigating a series of intrusions at one organization. That organization had been compromised by several separate APT groups, including Chinese and Iranian teams, and researchers discovered that a new actor, known as Metador, was also in the environment and had deployed several custom pieces of malware, including Linux implants. The new threat group is highly skilled, has shown the ability to evade security tools, and uses unique infrastructure for each victim. Metador is mainly focused on cyber espionage, and SentinelLabs researchers say it’s possible the actor is a high-level contractor rather than an intelligence agency or other state entity.

“Metador is notable precisely in their pragmatic combination of rudimentary techniques (e.g. LOLbins) with carefully executed advanced techniques (like per-victim infrastructure segmentation, port knocking, and inscrutable custom anti-analysis techniques). Their operations are massively successful precisely in that they’ve eluded victims, defenders, and threat intel researchers until now despite maintaining these malware platforms for some time,” said Juan Andres Guerrero-Saade, senior director of SentinelLabs at SentinelOne.