The Unseen Thread Linking Sandman APT and KEYPLUG Backdoor
Summary:
The Sandman Advanced Persistent Threat (APT) is closely linked to suspected threat clusters originating from China, specifically Storm-0866, also known as Red Dev 40. Sandman’s Lua-based malware, LuaDream, and the KEYPLUG backdoor have been observed coexisting within the same victim environments.
Threat Level – Red | Attack Report
To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.