A threat actor known as ‘Sandman’ has recently targeted telecommunication service providers located in the Middle East, Western Europe, and South Asia. Apparently, Sandman has used info-stealing software called ‘LuaDream’ to conduct its operations.
The threat actors came to light in August 2023 when they were discovered by researchers from SentinelLabs in collaboration with QGroup GmbH. The malware has been named after the internal backdoor name ‘DreamLand client.’
To maximize its cyberespionage operations, Sandman maintains a low profile to evade detection, performs lateral movement, and maintains long-term access to compromised networks.
How Does Sandman Operate?
According to SentinelOne, Sandman first gains illicit access to a corporate network with stolen administrative credentials. It then uses the ‘pass-the-hash’ technique, reusing NTLM hashes harvested from memory to authenticate to remote servers and services.
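As an added defender's example (not part of this article or SentinelOne's research), the scanner below runs two commonly cited pass-the-hash heuristics over constructed Windows Security event 4624 records: NTLM network logons by privileged accounts from hosts outside an allow-list, and LogonType 9 logons through the ‘seclogo’ logon process. The privileged-account set and the admin source-IP allow-list are assumptions.

```python
# Added detection example: flags 4624 logon records that match common
# pass-the-hash patterns. Records are constructed sample data in a flat
# key=value form; field names follow the Windows 4624 event schema.
from collections import Counter

# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    "EventID=4624 TargetUserName=admin.ops LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.5.21 WorkstationName=WS-OPS01",
    "EventID=4624 TargetUserName=admin.ops LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.8.77 WorkstationName=WS-MKT14",
    "EventID=4624 TargetUserName=jdoe LogonType=3 AuthenticationPackageName=Kerberos IpAddress=10.0.8.77 WorkstationName=WS-MKT14",
    "EventID=4624 TargetUserName=svc.backup LogonType=9 AuthenticationPackageName=Negotiate LogonProcessName=seclogo IpAddress=- WorkstationName=WS-MKT14",
    "EventID=4625 TargetUserName=admin.ops LogonType=3 AuthenticationPackageName=NTLM IpAddress=10.0.8.77 WorkstationName=WS-MKT14",
]

PRIVILEGED_ACCOUNTS = {"admin.ops", "svc.backup"}  # assumption: accounts worth watching
ADMIN_SOURCE_IPS = {"10.0.5.21"}                    # assumption: known admin jump host

def parse_event(line):
    """Turn a flat 'key=value key=value' record into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def classify(ev):
    """Return a reason string when the record matches a heuristic, else None."""
    if ev.get("EventID") != "4624":
        return None
    # Heuristic 1: explicit alternate credentials injected into a logon session.
    if ev.get("LogonType") == "9" and ev.get("LogonProcessName", "").lower() == "seclogo":
        return "LogonType 9 via seclogo (alternate credentials in memory)"
    # Heuristic 2: NTLM network logon by a privileged account from an unexpected host.
    if (ev.get("LogonType") == "3"
            and ev.get("AuthenticationPackageName") == "NTLM"
            and ev.get("TargetUserName") in PRIVILEGED_ACCOUNTS
            and ev.get("IpAddress") not in ADMIN_SOURCE_IPS):
        return "NTLM network logon by privileged account from non-admin host"
    return None

def find_suspicious(lines):
    """Return (user, source workstation, reason) tuples for flagged records."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        reason = classify(ev)
        if reason:
            hits.append((ev.get("TargetUserName"), ev.get("WorkstationName"), reason))
    return hits

def hosts_by_hits(lines):
    """Count flagged records per source workstation to surface the noisiest host."""
    return Counter(src for _, src, _ in find_suspicious(lines))

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_EVENTS):
        print(hit)
```

Tune the allow-list to your environment; on real data, feed the parser from an exported event log rather than the inline samples.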
LuaDream Malware
Sandman has been using a new modular malware called ‘LuaDream’ in its attacks, utilizing DLL hijacking on targeted systems. The malware derives its name from LuaJIT, a just-in
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents