Sandman APT

Also known as: Sandman APT

Profile

First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform; this is a relatively rare occurrence in the cyberespionage domain and has historically been associated with APTs considered Western or Western-aligned.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: WARP PANDA
Actor: APT21
Actor: LIMINAL PANDA
Actor: SandCat
Actor: APT9
Actor: APT39

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.