Lancefly targets government, aviation, and telecom organizations in South and Southeast Asia. The group uses a custom backdoor named Merdoor, which has been in development since 2018, and employs various tactics to gain access, including phishing emails, SSH credential brute-forcing, and exploiting server vulnerabilities. Additionally, Lancefly has been observed using a newer version of the ZXShell rootkit and tools like PlugX and ShadowPad RAT, which are typically associated with Chinese-speaking APT groups.
There are currently no families associated with this actor.
2023-05-15 ⋅ Symantec ⋅ Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors ⋅ Merdoor, PlugX, ShadowPad, ZXShell, Lancefly