News and promotions straight to your mailbox.
SANDMAN APT - CHINA
Researchers recently discovered that the APT group Sandman, known for it's targeting of telecommunications companies, has been directly associated to a Chinese based backdoor (KEYPLUG).
KEYPLUG has been identified as a backdoor used by the Chinese to carry out various type of espionage campaigns.
This association was made by multiple security vendors, and was based on the identification of the threat actors known malware (LUADREAM) being found to cohabit victim networks with KEYPLUG, the similarities in naming conventions of, infrastructure control and management practices, and selection of hosting providers.
The implementation practice of each piece of malware further identified similarities in development practices, functionality, and design.
Closer examination of the C2 infrastructure for each malware strain again showed similarities in infrastructure control and management as well as functionality and design.
This closer investigation additionally identified two C2 domains identified in both strains of malware.
Further reading about this topic and the threat actor: