Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor called KEYPLUG.
The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have been determined to cohabit "in the same victim networks."
Microsoft and PwC are tracking the activity under the names Storm-0866 and Red Dev 40, respectively.
"Sandman and Storm-0866/Red Dev 40 share infrastructure control and management practices, including hosting provider selections, and domain naming conventions," the companies said in a report shared with The Hacker News.