The limitations of legacy SIM and the complexities of identifying new clusters

Aleksandar Milenkoski and JAGS from SentinelOne sits down to share their work on "Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit." After observing a new threat activity cluster by an unknown threat actor in August of this year, SentinelLabs dubbed it Sandman.

The research states "Sandman has been primarily targeting telecommunication providers in the Middle East, Western Europe, and the South Asian subcontinent." Sandman has deployed a novel modular backdoor utilizing the LuaJIT platform, they call this malware "LuaDream," which exfiltrates system and user information, paving the way for further precision attacks.

The research can be found here:

• Sandman APT | A Mystery Group Targeting Telcos with a LuaJIT Toolkit

Learn more about your ad choices. Visit megaphone.fm/adchoices