A previously unknown hacking group has been discovered amid Lapsus' recent hacking attacks on Uber and Rockstar Games, per Tech Monitor.
Cybersecurity researchers have recently discovered a "never-before-seen" hacking group that has been breaching universities and telecommunications companies for quite some time.
Researchers found the group capable of complex hacking techniques, though little is known about it so far because of how recently it was discovered, per Dark Reading.
'Metador' Hacking Group Details
Cybersecurity researchers from SentinelLabs mentioned in a report that the hacking group in question, which they named "Metador," is a group originating from China and Iran that has managed to hide its activity from researchers for the past two years.
Researchers dubbed the hacking group Metador in reference to the string "I am meta" found in one of their malware samples and "the expectation of Spanish-language responses from the command-and-control servers."
According to a report from Bleeping Computer, the researchers found the hacking group when SentinelOne deployed Singularity at a telecommunications company in the Middle East that had been breached by around ten hackers from China and Iran some months earlier.
Singularity is SentinelOne's extended detection and response solution to hacking incidents.
SentinelLabs' researchers mentioned in the report that the hacking group mostly targets various telecommunications companies, internet service providers (ISPs), and universities in the Middle East and Africa.
Additionally, the group utilizes variants of two Windows-based malware, called "metaMain" and "Mafalda," to conduct its attacks, which are "extremely complex." Both are made to operate in-memory and without being encrypted before "touch[ing] disks," allowing Metador to easily evade telcos' and universities' native security protocols and standard Windows configurations.
Mafalda, a malware that can accept 67 commands, is used by the hackers to steal data, manipulate registries, and read the contents of a company's digital directory.
This malware was probably made by a team of authors, based on the comments they left for the hackers to take note of.
SentinelLabs also discovered two other implants. The first is Cryshell, a custom implant used for "bouncing connections in an internal network to external command-and-control servers."
The second is an unknown Linux malware that the hackers use to steal "materials" from other machines and send them back through Mafalda.
Analysis of the malware and infrastructure Metador uses did not reveal enough to "attribute" Metador with "sufficient confidence," as the group is "highly aware of operations security."
This awareness allows the group to carefully manage and customize its hacking infrastructure per victim and to quickly deploy countermeasures against the defenses of targeted companies and universities, even when those targets are protected by cybersecurity solutions.
What Must Be Done To Counter Metador's Counters
SentinelLabs reported the existence of Metador to raise awareness of the hacking group and to call threat intelligence researchers, service providers, and defenders to action to work together in "track[ing] down an elusive adversary with impunity."
There is cause for concern due to Metador's existence. The Hacker News mentioned that the hacking group's main goal is probably espionage, though to what end, it did not disclose.
Although one of SentinelLabs' researchers opened a "nation-state involvement" angle, there is no definitive evidence to say that there is, per Dark Reading.