101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Server stats:

481
active users

#sandmanapt

0 posts0 participants0 posts today

"🔍 Sandman APT: China's Shift to Lua in Cyber Espionage 🐉"

The Sandman APT, linked to China's KEYPLUG backdoor & possibly the STORM-0866/Red Dev 40 cluster, is embracing Lua for its modular malware LuaDream. This move highlights China's evolving cyberespionage tactics & the growing complexity of their threat landscape. 🌐🔑🕵️

📰 Source: SentinelOne Labs

Authors: Aleksandar Milenkoski, Bendik Hagen & Microsoft Threat Intelligence

Tags: #Cybersecurity #APT #Lua #SandmanAPT #KEYPLUG #STORM0866 #RedDev40 #Espionage #VisualThreatIntelligence

SentinelOneSandman APT | China-Based Adversaries Embrace LuaSentinelLabs, Microsoft, and PwC threat intelligence researchers provide attribution-relevant information on the Sandman APT cluster.

"🔍 Unveiling Sandman APT: The Silent Menace Targeting Global Telcos 🎯"

SentinelLabs has unearthed a new threat actor dubbed Sandman APT, primarily targeting telecommunication providers across the Middle East, Western Europe, and South Asia. This enigmatic group employs a novel modular backdoor named LuaDream, utilizing the LuaJIT platform, a rarity in the threat landscape. The meticulous movements and minimal engagements hint at a strategic approach to minimize detection risks. The LuaDream malware, a well-orchestrated and actively developed project, is designed for system and user info exfiltration, paving the way for precision attacks. The intriguing part? The attribution remains elusive, hinting at a private contractor or a mercenary group akin to Metador. The activities observed are espionage-driven, with a pronounced focus on telcos due to the sensitive data they harbor. The meticulous design of LuaDream showcases the continuous innovation in the cyber espionage realm, urging for a collaborative effort within the threat intelligence community to navigate the shadows of the threat landscape.

Source: SentinelOne Labs

Tags: #SandmanAPT #LuaDream #TelecomSecurity #CyberEspionage #ThreatActor #CyberSecurity #LuaJIT #SentinelLabs #APT 🌐🔐🎯

Indicators of Compromise (IoCs):

  • Domains: mode.encagil[.]com, ssl.explorecell[.]com
  • File Paths: %ProgramData%\FaxConfig, %ProgramData%\FaxLib
  • SHA1:
    • fax.dat: 1cd0a3dd6354a3d4a29226f5580f8a51ec3837d4
    • fax.Application: 27894955aaf082a606337ebe29d263263be52154
    • ualapi.dll: 5302c39764922f17e4bc14f589fa45408f8a5089
    • fax.cache: 77e00e3067f23df10196412f231e80cec41c5253
    • UpdateCheck.dll: b9ea189e2420a29978e4dc73d8d2fd801f6a0db2
    • updater.ver: fb1c6a23e8e0693194a365619b388b09155c2183
    • fax.module: ff2802cdbc40d2ef3585357b7e6947d42b875884

Author: Aleksandar Milenkoski, a seasoned threat researcher at SentinelLabs, has meticulously dissected the activities of Sandman APT, shedding light on the LuaDream backdoor. His expertise in reverse engineering and malware research is evident in the detailed analysis provided.

SentinelOneSandman APT | A Mystery Group Targeting Telcos with a LuaJIT ToolkitSophisticated threat actor deploys high-end malware utilizing the LuaJIT platform to backdoor telcos in Europe, Middle East and South Asia.