A previously unknown threat actor dubbed ‘Sandman’ targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named ‘LuaDream.’
This malicious activity was discovered by SentinelLabs in collaboration with QGroup GmbH in August 2023, who named the threat actor and malware after the backdoor’s internal name of ‘DreamLand client.’
The operational style of Sandman is to keep a low profile to evade detection while performing lateral movement and maintaining long-term access to breached systems to maximize its cyberespionage operations.
Leave a reply