DETROIT – During a recent investigation of a series of cyber intrusions into an unnamed high-value target, threat intelligence researchers with SentinelOne’s SentinelLabs team discovered nearly 10 hacking groups associated with China and Iran.
This isn’t unusual for significant targets, sometimes referred to in cybersecurity as a “magnet of threats” because they attract and host multiple hacking efforts simultaneously. But among the cohabitating groups, researchers unearthed a previously unknown group that appears to be operating in alignment with nation-state interests, perhaps as part of a high-end contractor arrangement.
The group — dubbed “Metador” in reference to the string “I am meta” in one of its malware samples, and because of Spanish-language responses from its command and control servers — appears to have been operating for at least two years, and extensive resources have evidently gone into developing and maintaining its tooling in pursuit of what are likely espionage aims.
The group’s advanced techniques underscore the importance of effective malware removal strategies for defending against such threats. Organizations facing these challenges must implement regular system updates, robust endpoint protection solutions, and memory-scanning tools to detect and remove malicious activity. Metador’s attacks involve two sophisticated Windows malware platforms deployed directly into memory, with evidence of an additional Linux implant. These tools are capable of rapid adaptation, as demonstrated when the group quickly responded to one victim’s deployment of a new security solution after an initial infection. “That swift response only did more to pique our interest,” the researchers said.