The advanced persistent threat (APT) group known as Lancefly has been observed deploying a custom-written backdoor in attacks targeting organizations in South and Southeast Asia.
According to new data from Symantec’s Threat Hunter Team, these campaigns have been ongoing for several years.
“Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018,” reads an advisory published by the company earlier today.
“Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The motivation behind both these campaigns is believed to be intelligence gathering.”