Sandman APT

User 3301
SANDMAN APT - CHINA
Researchers recently discovered that the APT group Sandman, known for its targeting of telecommunications companies, has been directly associated with a China-based backdoor (KEYPLUG).
KEYPLUG has been identified as a backdoor used by Chinese threat actors to carry out various types of espionage campaigns.
This association was made by multiple security vendors. It is based on the threat actor's known malware (LUADREAM) being found to cohabit victim networks with KEYPLUG, on similarities in naming conventions, on shared infrastructure control and management practices, and on the selection of the same hosting providers.
[Figure: command and control infrastructure]
Examining how each piece of malware is implemented further revealed similarities in development practices, functionality, and design.
Closer examination of the C2 infrastructure for each malware strain again showed similarities in infrastructure control and management, as well as in functionality and design.
This closer investigation additionally identified two C2 domains shared by both strains of malware:
dan.det-ploshadka[.]com
ssl.e-novauto[.]com
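The two domains above are published in defanged form. The following is an added example (not code from the post or from any of the cited vendors) showing how a defender can refang such indicators and sweep DNS resolver logs for queries to them or to any of their subdomains. The log format and the sample log lines are constructed for illustration; adapt the regular expression to your resolver's actual output.

```python
import re
from typing import List, Optional

# Indicators exactly as published in the post, in defanged form.
SHARED_C2_DOMAINS_DEFANGED = [
    "dan.det-ploshadka[.]com",
    "ssl.e-novauto[.]com",
]


def refang(indicator: str) -> str:
    """Convert a defanged indicator ('example[.]com', 'hxxp://') back to a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").lower().rstrip(".")


def domain_matches(queried: str, indicators: List[str]) -> Optional[str]:
    """Return the indicator that `queried` equals or is a subdomain of, else None."""
    q = queried.lower().rstrip(".")  # strip the trailing root dot seen in many resolver logs
    for ind in indicators:
        if q == ind or q.endswith("." + ind):
            return ind
    return None


# Constructed sample resolver log (not real traffic). Assumed line format:
# "<timestamp> <client_ip> <query_type> <qname>"
SAMPLE_DNS_LOG = """\
2023-12-11T09:14:02Z 10.20.4.17 A www.example.com.
2023-12-11T09:14:05Z 10.20.4.17 A dan.det-ploshadka.com.
2023-12-11T09:15:41Z 10.20.7.3 AAAA update.ssl.e-novauto.com.
2023-12-11T09:16:00Z 10.20.7.3 A e-novauto.com.
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>\S+)\s+(?P<qname>\S+)$")


def scan_dns_log(text: str, indicators_defanged: List[str] = SHARED_C2_DOMAINS_DEFANGED) -> List[dict]:
    """Return one hit per log line whose queried name matches a refanged indicator."""
    indicators = [refang(i) for i in indicators_defanged]
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ind = domain_matches(m["qname"], indicators)
        if ind:
            hits.append({
                "ts": m["ts"],
                "client": m["client"],
                "qname": m["qname"].rstrip("."),
                "indicator": ind,
            })
    return hits


if __name__ == "__main__":
    for h in scan_dns_log(SAMPLE_DNS_LOG):
        print(f"{h['ts']} {h['client']} queried {h['qname']} (matches {h['indicator']})")
```

Note that the post lists full hostnames, not apex domains, so a query for the bare apex (the last sample line) is deliberately not reported; if you decide the apex itself is worth alerting on, add it to the indicator list rather than loosening the match, so the rule stays traceable to a published indicator.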
Further reading about this topic and the threat actor:
https://otx.alienvault.com/pulse/6426bd73858ad1d51a283eb2 
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
https://thehackernews.com/2023/12/researchers-unmask-sandman-apts-hidden.html