A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom companies, internet service providers, and universities across multiple countries in the Middle East and Africa.
“The operators are highly aware of operations security, managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions,” researchers from SentinelOne said in a new report.
The cybersecurity firm codenamed the group Metador, both in reference to the string “I am meta” in one of its malware samples and because of Spanish-language responses from the command-and-control (C2) servers.
The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims. Other hallmarks of the campaign are the limited number of intrusions and long-term access to targets.