Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

By Aleksandar Milenkoski, in collaboration with QGroup

Executive Summary

• SentinelLabs has observed a new threat activity cluster by an unknown threat actor we have dubbed Sandman.


• Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent.


• The activities are characterized by strategic lateral movements and minimal engagements, likely to minimize the risk of detection.


• Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, a relatively rare occurrence in the threat …

actor apt cluster collaboration europe executive malware analysis middle east qgroup sandman sentinellabs south targeting telecommunication telecommunication providers threat threat actor toolkit western