Report Sees Chinese Threat Actors Embracing Sandman APT

SentinelLabs, Microsoft and PwC jointly issued an alert that threat actors thought to be associated with cybercriminals based in China have adopted an advanced persistent threat known as Sandman to insert malware in IT environments.
Aleksandar Milenkoski, senior threat researcher at SentinelOne, said the Sandman APT has now been linked to STORM-0866/Red Dev 40, a threat actor that is aligned with advancing the national interests of China.
Sandman was first discovered being used by Western intelligence agencies but is now being employed more widely, noted Milenkoski.
The Sandman APT leverages KEYPLUG backdoor malware to insert another type of malware, dubbed LuaDream, that makes use of evasion and obfuscation techniques that make it more difficult to detect, noted Milenkoski.
It has now been discovered that Sandman's infrastructure control and management practices, including hosting provider selection and domain naming conventions, match those typically associated with STORM-0866/Red Dev 40.
The malware created by Sandman is also finding its way into other cyberespionage tactics and techniques used by intelligence agencies around the world to compromise IT environments, noted Milenkoski.
It's not clear to what degree cybercriminals working on behalf of various intelligence agencies are sharing tactics and techniques versus merely copying them, but it's clear that once any type of variant of malware is shown to be effective, it's not long before it becomes more widely employed.
Cybersecurity teams should pay more attention to malware being developed by any intelligence agency on the assumption that variants of it will not only be adopted by other governments but also by cybercriminal syndicates looking to exploit weaknesses for financial gain.
Governments around the world are going to continue to invest in developing malware to advance their national interests.
Still, it's only a matter of time before that malware is discovered and then used by others.
It's not uncommon for a variant of malware developed by one government to one day be used to attack organizations within the borders of the government that originally created it.
Claims that one country is attacking organizations more than others often tend to ring hollow with cybersecurity teams that are, in effect, being attacked from all sides.
Making matters more challenging still, threat actors of all types are investing in artificial intelligence capabilities that promise to make it easier to both create and distribute malware.
Cybersecurity teams, as always, are largely dependent on security vendors to identify and ultimately thwart new types of malware.
The challenge is that as the pace at which more advanced malware is developed continues to increase, there will need to be a corresponding increase in the research required to identify it.
In essence, the cat-and-mouse game in which cybersecurity researchers are engaged is only going to accelerate.
Cybersecurity teams, as a result, will need to revisit the workflows they currently rely on to combat emerging threats.
The primary victims of the malware being developed are most often organizations that are ultimately little more than collateral damage in a contest playing out at a global scale few of them have any ability to actually affect.


This Cyber News was published on securityboulevard.com. Publication date: Mon, 11 Dec 2023 14:43:05 +0000


