| SYMBOL | COMMON_NAME | aka. SYNONYMS |
LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.
There are currently no families associated with this actor.
| 2024-05-30
⋅
Cisco Talos
⋅
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader purpleink LilacSquid |