Unveiling Cyber Espionage Tango: Sandman and Storm-0866 Dance with China's KEYPLUG in Coordinated Symphony

Tactical and targeting overlaps have been discovered between the enigmatic advanced persistent threat (APT) called Sandman and a China-based threat cluster known to use a backdoor called KEYPLUG.

The assessment comes jointly from SentinelOne, PwC, and the Microsoft Threat Intelligence team, after the adversary's Lua-based malware LuaDream and KEYPLUG were found to cohabit "in the same victim networks."

"There are strong overlaps in operational infrastructure, targeting, and TTPs associating the Sandman APT with China-based adversaries using the KEYPLUG backdoor, STORM-0866/Red Dev 40 in particular," the researchers said. "This highlights the complex nature of the Chinese threat landscape."

For more details, you can read the full report from SentinelOne, PwC, and the Microsoft Threat Intelligence team.
