
New Metador APT takes aim at telecom companies, ISPs and universities

October 10, 2022

A new malware, identified as Metador, is being used by attackers to target telecommunications, internet service providers and universities on multiple continents, according to security researchers at SentinelOne.

“The operators are highly aware of operations security managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions,” researchers from SentinelOne said in a new report.

The new threat group was discovered after one of the victims deployed Singularity, SentinelOne’s XDR detection and response platform, months after Metador had already compromised its network.

Although Metador was found in a Middle Eastern telecommunications company, researchers said the operation aims to establish long-term persistence in organizations across the Middle East and Africa for the purpose of cyber espionage.

Metador has not been attributed to any known group. In its report, SentinelLabs stated that Metador is “managing carefully segmented infrastructure per victim and quickly deploying intricate countermeasures in the presence of security solutions.”

Details of the initial infection are not known, but the custom implants were decrypted and loaded into memory through “cdb.exe,” the Windows debugging tool, which the attackers used as a LOLBin (living-off-the-land binary). It was used to decrypt and load into memory two custom Windows malware frameworks, ‘metaMain’ and ‘Mafalda.’
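Because cdb.exe is a legitimate, signed Microsoft debugger, its execution is rarely blocked outright; a defender's practical option is to treat any cdb.exe process creation as an event worth reviewing and to raise the priority when it runs from outside its normal install location, is spawned by a shell, or is passed the `-c`/`-cf` options that make it execute debugger commands or a script file. The following is an added example, not code from the article or from SentinelOne, that applies those checks to a few constructed process-creation events. The `Image=... CommandLine="..." ParentImage=...` line format, the sample paths and the "Windows Kits" baseline directory are assumptions for illustration; the `-c` and `-cf` options are real cdb.exe command-line switches.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events. The key=value layout is assumed
# for this example and is not a real product's log format.
SAMPLE_LOG = r"""
Image=C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\cdb.exe CommandLine="cdb.exe -p 4321" ParentImage=C:\Windows\explorer.exe
Image=C:\Users\Public\cdb.exe CommandLine="cdb.exe -cf C:\Users\Public\init.wds notepad.exe" ParentImage=C:\Windows\System32\cmd.exe
Image=C:\Windows\System32\notepad.exe CommandLine="notepad.exe" ParentImage=C:\Windows\explorer.exe
"""

EVENT_RE = re.compile(
    r'Image=(?P<image>.+?) CommandLine="(?P<cmd>.*?)" ParentImage=(?P<parent>.+)$'
)

# Directory fragment where the Windows Debugging Tools normally install cdb.exe
# (assumed baseline; adjust to the paths actually deployed in your estate).
EXPECTED_DIR_FRAGMENT = "\\windows kits\\"

# cdb.exe switches that execute debugger commands (-c) or a command script file (-cf).
SCRIPT_FLAGS = ("-c ", "-cf ")

# Parents that are unusual for an interactive developer debugging session.
SHELL_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_events(log_text):
    """Parse the simplified key=value log into a list of event dicts."""
    events = []
    for lineno, line in enumerate(log_text.strip().splitlines(), start=1):
        m = EVENT_RE.match(line)
        if m:
            events.append({"line": lineno, **m.groupdict()})
    return events


def assess_cdb_event(event):
    """Return (severity, reasons) for a cdb.exe event, or None if the image is not cdb.exe."""
    image = PureWindowsPath(event["image"])
    if image.name.lower() != "cdb.exe":
        return None

    reasons = []
    # Executed from somewhere other than the debugger's normal install tree.
    if EXPECTED_DIR_FRAGMENT not in str(image.parent).lower() + "\\":
        reasons.append("nonstandard_path")
    # Told to run commands or a script file rather than started interactively.
    if any(flag in event["cmd"].lower() for flag in SCRIPT_FLAGS):
        reasons.append("script_argument")
    # Launched by a scripting host or shell rather than a user's explorer/IDE.
    if PureWindowsPath(event["parent"]).name.lower() in SHELL_PARENTS:
        reasons.append("shell_parent")

    # Every cdb.exe start is recorded; any aggravating factor raises the priority.
    severity = "high" if reasons else "low"
    return severity, reasons


def find_cdb_executions(log_text):
    """Return one finding per cdb.exe process creation found in the log."""
    findings = []
    for ev in parse_events(log_text):
        result = assess_cdb_event(ev)
        if result is not None:
            severity, reasons = result
            findings.append({
                "line": ev["line"],
                "image": ev["image"],
                "parent": ev["parent"],
                "severity": severity,
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in find_cdb_executions(SAMPLE_LOG):
        print(f"line {f['line']}: {f['severity']:4s} {f['image']} <- {f['parent']} {f['reasons']}")
```

Run over the constructed sample, the first event (cdb.exe from its install directory, attached to a process id by explorer.exe) is recorded as low priority, while the second (a copy in a public folder, spawned by cmd.exe with a script file) collects all three reasons and is marked high. In a real deployment the baseline directory and parent list should be tuned from the environment's own telemetry, since developer workstations will legitimately produce low-priority hits.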

The metaMain implant is used for “hands-on” operations such as taking screenshots, performing file actions, logging keyboard events, and executing arbitrary shellcode.

Mafalda is a versatile implant whose commands include file operations, reading directory contents, manipulating the registry, reconnaissance of the network and system, and exfiltrating data to the command and control (C2) server.

“We have artifacts pointing to late 2020, but it’s worth noting that the earliest variant of the Mafalda platform we were able to recover was already on build version 144. It’s likely that this group has been active for several years before anyone caught on,” said Guerrero-Saade, Senior Director of SentinelLabs.

The sources for this piece include an article in TheHackerNews.
