Mysterious ‘Metador’ Targets ISPs
A previously unknown threat actor named ‘Metador’ has been breaching telecommunication companies, internet service providers (ISPs), and universities across multiple countries in the Middle East and Africa for about two years.
Metador is primarily focused on developing cross-platform malware for espionage purposes. The group uses two Windows-based malware frameworks, metaMain and Mafalda, together with an as-yet-unidentified Linux malware that steals data from workstations and channels it back to Mafalda. The two Windows-based frameworks run only in system memory, leaving no unencrypted traces on the compromised host.
The complexity of the malware and its active development point to a well-resourced group that can improve the tools further. The researchers also found that the developers had documented the malware frameworks and provided guidance for a separate group of operators. Ultimately though, Metador’s attribution remains a mystery.
Acronis Cyber Protect detects and blocks malware used in such attacks, with the included multi-layered Behavioral and AI-Powered Detection Engines.