Sandman

Threat Actor updated a month ago (2024-08-14T09:56:57.269Z)
Sandman is a threat actor (Advanced Persistent Threat, or APT, group) that has drawn attention in the cybersecurity sector for its malicious activity targeting telecommunications companies. The group uses a backdoor known as LuaDream to infiltrate its targets; the backdoor gives Sandman unauthorized access to and control over compromised systems, which can lead to data breaches, service disruption, and other harm to telecom operations. The origin of Sandman is not definitively established, but there are strong indications linking it to China-based adversaries, based primarily on the use of KEYPLUG, a tool commonly associated with those groups. SentinelLabs nonetheless continues to track Sandman as a distinct cluster until further conclusive evidence confirms the link. Sandman therefore poses a significant threat to the telecommunications sector, given its sophisticated use of the LuaDream backdoor, and its potential association with China-based adversaries adds complexity to the threat landscape. Organizations, particularly those in the telecom industry, should remain vigilant, continually monitor their networks for signs of intrusion, and keep their security measures up to date to mitigate the risks posed by such threat actors.
Description last updated: 2024-08-14T08:55:05.380Z
Aliases: none currently tracked
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Espionage, APT, Malware, Backdoor
Associated Malware
ID | Type | Votes | Profile Description
LuaDream | Unspecified | 2 | LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or
Associated Threat Actors
ID | Type | Votes | Profile Description
Metador | Unspecified | 2 | Metador is a threat actor that has been discovered to target telecommunication companies, internet service providers, and universities. The group was first identified by SentinelLabs about a year ago but remains largely unattributed due to its elusive nature, placing it in the same category as other
Source Document References
Information about the Sandman Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
Securityaffairs | a month ago | SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs | a month ago | Security Affairs Malware Newsletter - Round 5
Securityaffairs | 3 months ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 3
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 2
Securityaffairs | 2 months ago | Security Affairs Malware Newsletter - Round 1
CERT-EU | 9 months ago | Sandman Cyberespionage Group Linked to China
CERT-EU | 9 months ago | Sandman APT - China-based adversaries embrace Lua – Global Security Mag Online
CERT-EU | 9 months ago | Report Sees Chinese Threat Actors Embracing Sandman APT
CERT-EU | a year ago | Sandman Hackers: Threat Actors use LuaDream Info-stealing Malware
CERT-EU | a year ago | New stealthy APT targets telcos across three continents with novel backdoor
InfoSecurity-magazine | a year ago | Elusive Sandman APT Targets Telecom Giants With LuaJIT Toolkit
CERT-EU | a year ago | New Threat Group: Sandman Targets Telecommunication Companies Across the World With Infostealers
Securityaffairs | a year ago | Sandman APT targets telcos with LuaDream backdoor
CERT-EU | a year ago | Mysterious 'Sandman' Threat Actor Targets Telecom Providers Across Three Continents – GIXtools
CERT-EU | a year ago | ‘Sandman’ hackers backdoor telcos with new LuaDream malware