The Unseen Thread Linking Sandman APT and KEYPLUG Backdoor

Summary:

The Sandman Advanced Persistent Threat (APT) is closely linked to suspected threat clusters originating from China, specifically identified as Storm-0866, also known as Red Dev 40. Within the same victim environments, the Sandman’s Lua-based malware, LuaDream, and the KEYPLUG backdoor have been observed coexisting.

Threat Level – Red | Attack Report

For a detailed threat advisory, download the pdf file here

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.