Sandman APT is a threat actor attributed to CN. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Sandman APT exploit?

Specific CVE exploitation data for Sandman APT is being tracked. Check the Strobes VI threat actor profile for updates.

Sandman APT

Exploited CVEs

Overview

First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database