SentinelLabs, the threat intelligence and malware analysis division of SentinelOne, unveiled the details of a never-before-seen threat actor, dubbed ‘Metador’, that has been actively targeting telecoms, ISPs, and universities across the Middle East and Africa.
The second research drop offers new findings and insights into the cyber mercenary group Void Balaur.
Key summary: Metador
- A never-before-seen advanced threat actor ‘Metador’ primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa.
- The operators are highly aware of operations security, managing carefully segmented infrastructure per victim and quickly deploying intricate countermeasures when security solutions are present.
- Metador’s attack chains are designed to bypass native security solutions while deploying malware platforms directly into memory. SentinelLabs researchers discovered variants of two long-standing Windows malware platforms, as well as indications of an additional Linux implant.
The full Metador report provides further insight into the attack chains.
Key summary: Void Balaur
- The cyber mercenary group known as Void Balaur continues to expand its hack-for-hire campaigns into 2022, unfazed by disruptions to its online advertising personas.
- New targets include a wide variety of industries, often with particular business or political interests tied to Russia. Void Balaur also goes after targets that are valuable for prepositioning or facilitating future attacks. Its targets span the United States, Russia, Ukraine, and various other countries.
- Attacks are often very generic in theme, may appear opportunistic in nature, and account for targets that use multi-factor authentication. The group seeks access to well-known email services (Gmail, Outlook, Yahoo), social media (Facebook, Instagram), messaging (Telegram), and corporate accounts.
The full Void Balaur report covers the group’s attack vectors, activity, and indicators.