First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifi...

Threat Actor Profile

Sandman APT

State-sponsored threat group originating from CN. Suspected sponsor: China. Known to target Government, Telecommunications.

2 Industries Tracked Real-Time Alerts

Actor Overview

Origin Country
CN
Suspected Sponsor
China
Incident Types
Espionage

Target Industries

GovernmentTelecommunications

Suspected Victims

Middle EastSoutheast AsianFranceEgyptSudanSouth SudanLibyaTurkeySaudi ArabiaOmanYemenSri LankaIndiaPakistanIranAfghanistanKuwaitIraqUnited Arab Emirates

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on Sandman APT is published.

Actor Details

Primary Name
Sandman APT
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →