In August 2023, the Sandman APT group targeted telecom companies in the Middle East, Western Europe, and the South Asian subcontinent with the LuaDream malware to steal system information. LuaDream is a multi-component backdoor whose capabilities include managing plugins and exfiltrating data. Its development activity was first observed in the first half of 2022. To deploy LuaDream, the Sandman APT group primarily used DLL hijacking with malicious DLL files. Experts attribute the malware to private contractors. The C2 details showed communication over the WebSocket protocol with mode.encagil[.]com. The attribution of Sandman APT and the actors behind it remains unknown. The LuaJIT-based backdoor demonstrates ongoing innovation in cyber espionage malware. #SandmanAPT #LuaDream #telecomsecurity #cyberespionage #malware

https://cybersecuritynews.com/sandman-apt-attacks-telcos/
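The one network indicator the note gives is WebSocket traffic to mode.encagil[.]com. The following is an added example (not code from the article or from any vendor report) showing how a defender could sweep proxy logs for that indicator: it refangs the defanged domain, matches the host exactly or as a subdomain, and flags whether the connection was a WebSocket upgrade. The log line layout, the field names, and the sample lines are all constructed for the example; the only value taken from the note is the C2 domain.

```python
import re
from dataclasses import dataclass

# Constructed sample proxy log lines (not real captures). The layout is a
# hypothetical "timestamp src_ip method host path status upgrade" format
# chosen for this example; adapt LOG_RE to your proxy's actual format.
SAMPLE_LOG = """\
2023-08-14T09:12:01Z 10.0.4.17 GET mode.encagil.com /socket 101 websocket
2023-08-14T09:12:05Z 10.0.4.17 GET www.example.org /index.html 200 -
2023-08-14T09:13:42Z 10.0.7.3 GET api.mode.encagil.com /ws 101 websocket
2023-08-14T09:14:10Z 10.0.9.8 GET mode.encagil.com.lookalike.test /x 101 websocket
2023-08-14T09:15:00Z 10.0.2.2 GET cdn.example.net /a.js 200 -
"""

# Indicator from the note, kept defanged as it would be stored in a report.
IOC_DOMAINS_DEFANGED = ["mode.encagil[.]com"]

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<host>\S+) "
    r"(?P<path>\S+) (?P<status>\d{3}) (?P<upgrade>\S+)$"
)


@dataclass
class Hit:
    ts: str
    src: str
    host: str
    websocket: bool


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "hxxp") back into a matchable form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def domain_matches(host: str, ioc_domain: str) -> bool:
    """True if host is the IoC domain itself or a subdomain of it.

    A plain substring or prefix check would also match lookalikes such as
    mode.encagil.com.lookalike.test, so the comparison is anchored on the
    label boundary.
    """
    return host == ioc_domain or host.endswith("." + ioc_domain)


def scan(log_text: str, defanged_iocs) -> list:
    """Return one Hit per log line whose host matches a known C2 domain."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or unexpected line; skip rather than crash
        host = m["host"].lower().rstrip(".")
        for ioc in iocs:
            if domain_matches(host, ioc):
                # 101 Switching Protocols plus an Upgrade value of "websocket"
                # is what a WebSocket C2 channel looks like at the proxy.
                ws = m["status"] == "101" and m["upgrade"].lower() == "websocket"
                hits.append(Hit(m["ts"], m["src"], host, ws))
                break
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, IOC_DOMAINS_DEFANGED):
        print(f"{hit.ts} {hit.src} -> {hit.host} websocket={hit.websocket}")
```

Run against the constructed sample, the scan reports the two hosts at or under mode.encagil.com and ignores the lookalike whose name merely starts with the indicator; in practice the IoC list would be loaded from your threat-intel feed rather than hard-coded.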
