New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware

siteadmin September 21, 2023

A new APT group, dubbed Sandman, has been identified by SentinelLabs and QGroup GmbH as targeting telecom service providers in Europe and Asia in a cyberespionage campaign. The group uses a novel modular backdoor called LuaDream, which is based on the Lua programming language, a language often used in embedded applications. The identity of Sandman remains unknown, and the group is thought to be a third-party hacker-for-hire entity.