Dec. 11, 2023, 2:01 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Aleksandar Milenkoski, Bendik Hagen (PwC), and Microsoft Threat Intelligence

Executive Summary

  • The Sandman APT is likely associated with suspected China-based threat clusters known to use the KEYPLUG backdoor, in particular a cluster jointly presented by PwC and Microsoft at Labscon 2023 – STORM-0866/Red Dev 40.

  • The Sandman’s Lua-based malware LuaDream and the KEYPLUG backdoor were observed co-existing in the same victim environments.

  • Sandman and STORM-0866/Red Dev 40 share infrastructure control and management practices, including hosting provider selections, and domain …
