New hacking group ‘Metador’ lurking in ISP networks for months

A previously unknown threat actor that researchers have named ‘Metador’ has been breaching telecommunications, internet services providers (ISPs), and universities for about two years.

Metador targets organizations in the Middle East and Africa and their purpose appears to be long-term persistence for espionage. The group uses two Windows-based malware that have been described as “extremely complex” but there are indications of Linux malware, too.

Researchers at SentinelLabs discovered Metador in an telecommunications company in the Middle East that had already been breached by about ten other threat actors originating from China and Iran, among them Moshen Dragon and MuddyWater.

Read more…