New hacking group ‘Metador’ lurking in ISP networks for months
Security News, September 2022
The group uses two Windows-based malware strains that have been described as "extremely complex," and there are indications of Linux malware as well.
Researchers at SentinelLabs discovered Metador in a telecommunications company in the Middle East that had already been breached by about ten other threat actors originating from China and Iran, among them Moshen Dragon and MuddyWater.
Analysis of the malware and the infrastructure did not reveal enough clues to attribute Metador with sufficient confidence; one characteristic of the group is that it is "highly aware of operations security."
SentinelLabs notes in its report that Metador is "managing carefully segmented infrastructure per victim, and quickly deploying intricate countermeasures in the presence of security solutions."
The researchers discovered the new threat group after the victim organization deployed Singularity, SentinelOne's extended detection and response solution, months after Metador had compromised its network.
SentinelLabs researchers theorize that behind Metador is "a high-end contractor arrangement," of the kind typical for a nation-state operation.