Malware News Researchers Unmask Sandman APT's Hidden Link to China-Based KEYPLUG Backdoor

[silversurfer]

Content source

https://thehackernews.com/2023/12/researchers-unmask-sandman-apts-hidden.html

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster that's known to use a backdoor known as KEYPLUG.

The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team based on the fact that the adversary's Lua-based malware LuaDream and KEYPLUG have been determined to cohabit "in the same victim networks.

Microsoft and PwC are tracking the activity under the names Storm-0866 and Red Dev 40, respectively.

"Sandman and Storm-0866/Red Dev 40 share infrastructure control and management practices, including hosting provider selections, and domain naming conventions, the companies said in a report shared with The Hacker News."