"New Metador APT Discovered Targeting ISPs, Telcos"

Researchers have discovered a previously unknown, high-level attack group that has compromised telecommunications companies, universities, Internet Service Providers (ISPs), and other organizations throughout the Middle East and Africa using custom malware platforms and tools that have been around for years. It remains unclear where the group came from or whether it is affiliated with a government or a private actor. The group has been active for some time, but SentinelLabs researchers only recently discovered its activities while investigating a series of intrusions at one organization that had been compromised by a number of Advanced Persistent Threat (APT) groups. Metador, a new threat group, had deployed several custom pieces of malware, including Linux implants. The threat group is said to be highly skilled, as it has demonstrated the ability to evade security tools and employs customized infrastructure for each victim. Metador primarily conducts cyber espionage. SentinelLabs researchers believe the actor could be a high-level contractor rather than an intelligence agency or other state entity. This article continues to discuss new findings and observations surrounding the new Metador threat group regarding its targets, tools, and tactics.

Decipher reports "New Metador APT Discovered Targeting ISPs, Telcos"

Submitted by Anonymous on