Researchers Uncover New Metador APT Focusing on Telcos, ISPs, and Universities

by crpt os


A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa.

“The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions,” researchers from SentinelOne said in a new report.

The cybersecurity firm codenamed the group Metador in reference to a string “I am meta” in one of their malware samples and because of Spanish-language responses from the command-and-control (C2) servers.

The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims. Other hallmarks of the campaign are the limited number of intrusions and long-term access to targets.

This includes two different Windows malware platforms called metaMain and Mafalda that are expressly engineered to operate in-memory and elude detection. metaMain also acts as a conduit to deploy Mafalda, a flexible interactive implant supporting 67 commands.

metaMain, for its part, is feature-rich on its own, enabling the adversary to maintain long-term access, log keystrokes, download and upload arbitrary files, and execute shellcode.

In a sign that Mafalda is being actively maintained by its developers, the malware gained support for 13 new commands between two variants compiled in April and December 2021, adding options for credential theft, network reconnaissance, and file system manipulation.

Attack chains have further involved an unknown Linux malware that’s employed to gather information from the compromised environment and funnel it back to Mafalda. The entry vector used to facilitate the intrusions is unknown as yet.

What’s more, references in Mafalda’s internal command documentation suggest a clear separation of responsibilities between the developers and the operators. Ultimately, though, Metador’s attribution remains a “garbled mystery.”

“Moreover, the technical complexity of the malware and its active development suggest a well-resourced group able to acquire, maintain and extend multiple frameworks,” researchers Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, and Aleksandar Milenkoski noted.