Microsoft: Mystery Group Targeting Telcos Linked to Chinese APTs

Dark Reading – Becky Bracken
The key points are:
– Researchers linked the mysterious Sandman threat group targeting telecom providers to Chinese government-backed APT groups.
– Sandman used the LuaDream and Keyplug backdoors in attacks across the Middle East, Europe and South Asia.
– Analysis found overlaps in Lua development practices and functionality between Sandman's tooling and that of the China-based STORM-0866/Red Dev 40.
– The Keyplug backdoor has also been used by APT41 and passed between multiple Chinese threat groups.
– STORM-0866/Red Dev 40 distinguishes itself through unique encryption keys for KEYPLUG C2 communication and cloud-based reverse proxies that hide the true location of its C2 servers.
– Shared development practices and malware characteristics point to coordination among Chinese APTs.
– Their expanding cooperation calls for matching information sharing within the cybersecurity community.
– Continued collaboration is needed to navigate the complex and evolving Chinese threat landscape.
In summary, the article details new research attributing the Sandman group’s cyberattacks to a network of cooperating Chinese government-backed cyber threat actors.
Link: https://www.darkreading.com/threat-intelligence/microsoft-mystery-group-targeting-telcos-chinese-apts