Sandman APT Gains Traction: Chinese Hackers Amplify Cybersecurity Risks

SentinelOne, PwC, and Microsoft Threat Intelligence have been working together on this assessment after determining that the adversary's Lua-based malware, LuaDream, and the KEYPLUG backdoor were found cohabiting in the same victim networks.
Microsoft, SentinelLabs and PwC have jointly alerted consumers and businesses to the fact that threat actors allegedly linked to Chinese cybercriminals have deployed an advanced persistent threat referred to as Sandman to infiltrate IT environments with malware.
An expert at SentinelOne, Aleksandar Milenkoski, said that Sandman has now been linked to STORM-0866/Red Dev 40, a threat actor aligned with the Chinese government's national interests, meaning that STORM-0866/Red Dev 40 targets Chinese companies.
Following a series of cyberattacks carried out on telcos across the Middle East, Western Europe, and South Asia, Sandman was first identified in August.
Storm-0866/Red Dev 40, for its part, refers to an emerging cluster of APT activity that primarily targets entities in the Middle East and South Asia, such as telecommunication providers and government agencies.
Storm-0866 has several powerful tools at its disposal, one of which is KEYPLUG. This backdoor was first exposed by Google-owned Mandiant in the context of attacks conducted by the China-based APT41 actor between May 2021 and February 2022, in which the group infiltrated six state government systems.
In its report, Mandiant stated that it first discovered the KEYPLUG backdoor in March 2022, in use by the known Chinese group APT41.
According to the report, Microsoft and PwC teams discovered that the KEYPLUG backdoor was passed around to multiple other China-based threat groups.
Researchers believe that the new obfuscation tools in the KEYPLUG malware give the group an advantage over previous versions.
According to the researchers, their analysis of the C2 configuration of the LuaDream and KEYPLUG malware strains showed overwhelming overlaps, which suggests that the operators were working to similar functional requirements.
The report concluded that, to keep pace with the growing number of Chinese APT groups and the collaboration between them, members of the cybersecurity community must share knowledge in the same way.
The constituent threat actors will almost certainly continue to cooperate and coordinate, exploring new ways to enhance the functionality, flexibility, and stealth of their malware.
A notable example of this is the adoption of the Lua development paradigm by their malware developers.
Keeping up with this threat landscape requires a constant flow of information sharing between members of the threat intelligence research community.
Historically, Lua-based modular backdoors such as LuaDream have been associated with only a few espionage-motivated APTs, mostly ones considered Western or Western-aligned.
This has proven to be a very rare occurrence, and one typically associated with espionage-motivated APTs.
In our research on Sandman, we found that a broader set of cyberespionage threat actors are utilizing the Lua development paradigm because of its modularity, portability, and simplicity.


This Cyber News was published on www.cysecurity.news. Publication date: Thu, 14 Dec 2023 13:13:20 +0000