Acronis Cyber Protect Cloud
for service providers

A previously unknown threat actor named "Metador" has been breaching telecommunication companies, internet services providers (ISPs), and universities across multiple countries in the Middle East and Africa for about two years.

Metador is primarily focused on the development of cross-platform malware for espionage purposes. The group uses two Windows-based malware variants named metaMain and Mafalda, and an unknown Linux malware that steals data from workstations and channels it back to Mafalda. The Windows-based malware frameworks run only in system memory, leaving no unencrypted traces on the compromised host.

The complexity of this malware and its active development status point towards a well-resourced group that can be expected to improve their tools further. Researchers also found that the developers had documented the malware frameworks and provided guidance for a separate group of operators. Ultimately though, Metador's attribution remains a mystery at this time.

Acronis Cyber Protect Cloud detects and blocks malware used in such attacks, with its included multi-layered behavioral and AI-powered detection engines. 

About Acronis

Acronis is a Swiss company, founded in Singapore. Celebrating two decades of innovation, Acronis has more than 1,800 employees in 45 locations. The Acronis Cyber Protect Cloud solution is available in 26 languages in over 150 countries and is used by 20,000 service providers to protect over 750,000 businesses.

More from Acronis