Security News > 2023 > September > ‘Sandman’ hackers backdoor telcos with new LuaDream malware
A previously unknown threat actor dubbed 'Sandman' targets telecommunication service providers in the Middle East, Western Europe, and South Asia, using a modular info-stealing malware named 'LuaDream.
SandMan has been seen deploying a new modular malware named 'LuaDream' in attacks using DLL hijacking on targeted systems.
Upon initialization, LuaDream connects to a C2 server and sends gathered information, including malware versions, IP/MAC addresses, OS details, etc.
While some of Sandman's custom malware and part of its C2 server infrastructure have been exposed, the threat actor's origin remains unanswered.
New SprySOCKS Linux malware used in cyber espionage attacks.
Hackers backdoor telecom providers with new HTTPSnoop malware.
News URL
Related news
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)