Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities
2022-09-23 13:25

The cybersecurity firm codenamed the group Metador in reference to a string "I am meta" in one of their malware samples and because of Spanish-language responses from the command-and-control servers.

The threat actor is said to have primarily focused on the development of cross-platform malware in its pursuit of espionage aims.

In a sign that Mafalda is being actively maintained by its developers, the malware gained support for 13 new commands between two variants compiled in April and December 2021, adding options for credential theft, network reconnaissance, and file system manipulation.

Attack chains have further involved an unknown piece of Linux malware that is used to gather information from the compromised environment and funnel it back to Mafalda.

What's more, references in the internal documentation of Mafalda's commands suggest a clear separation of responsibilities between the developers and operators.

"Moreover, the technical complexity of the malware and its active development suggest a well-resourced group able to acquire, maintain and extend multiple frameworks," researchers Juan Andres Guerrero-Saade, Amitai Ben Shushan Ehrlich, and Aleksandar Milenkoski noted.


News URL

https://thehackernews.com/2022/09/researchers-uncover-new-metador-apt.html