India’s Computer Emergency Response Team (CERT-In) has issued an alert for a newly surfaced info-stealing malware, named LuaDream.
The malware, being used by a previously unknown threat actor tagged as Sandman, is capable of user data collection, including IP addresses, OS information and more. The malware targets the telecommunications sector in various regions, with reported use in the Middle East, Western Europe, and South Asia. The malware posed significant risks including potential data theft to launch further attacks.
LuaDream is a multi-component backdoor malware with capabilities to manage plugins, exfiltrate system data and steal user data through multiple protocols, CERT-In shared in a blog post.
The operational style of Sandman is to evade detection by keeping a low profile while moving laterally within breached systems to maximise its cyberespionage operations.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Threat actors first gain access to a corporate network using stolen administrative credentials, from the use of “Pass-the-hash” attacks to authenticate to remote services and services by extracting and reusing NTML hashes stored in memory, SentinelLabs said in a blog post.
Threat actors are known to use malware to steal admin credentials to gain access to the network of the target organization. From here threat actors collect data and manage plugins for execution on target systems that pose a range of potential adverse outcomes. The plugins can reportedly be used by threat actors for the ability to execute commands on the compromised device.
Published - October 04, 2023 03:11 pm IST