"Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor"

The list of Advanced Persistent Threat (APT) actors against which telecommunications companies must secure their data and networks now includes an additional sophisticated adversary. The new threat, called "Sandman," is a group of unknown origin that emerged in August and has been using LuaJIT, a high-performance just-in-time compiler for the Lua programming language, to deploy a novel backdoor. Researchers at SentinelOne are tracking the backdoor as "LuaDream" after spotting it in attacks against telecommunications companies in the Middle East, Western Europe, and South Asia. Their analysis revealed that the malware is highly modular, with functions for stealing system and user information, facilitating future attacks, and managing attacker-supplied plugins that extend its capabilities. This article continues to discuss findings and observations regarding the Sandman APT.

Dark Reading reports "Mysterious 'Sandman' APT Targets Telecom Sector With Novel Backdoor"


 

Submitted by grigby1 CPVI on