Researchers Unmask Sandman APT’s Hidden Link to China-Based KEYPLUG Backdoor

There are tactical and targeting overlaps between the China-based threat cluster known to use the KEYPLUG backdoor and the mysterious advanced persistent threat (APT) tracked as Sandman.

SentinelOne, PwC, and the Microsoft Threat Intelligence team collaborated on the assessment, which rests on the finding that Sandman’s Lua-based malware LuaDream and KEYPLUG have been observed side by side in the same victim networks.

The KEYPLUG activity is tracked by PwC and Microsoft under the names Red Dev 40 and Storm-0866, respectively.

The companies said in a report shared with The Hacker News that “Sandman and Storm-0866/Red Dev 40 share infrastructure control and management practices
