Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Targeted Asian Hacking: Lancefly Threat

May 15, 2023
Reading Time: 2 mins read
in Alerts
Targeted Asian Hacking: Lancefly Threat

 

A new hacking group named Lancefly has been conducting a highly targeted campaign against government, aviation, education, and telecom sectors in South and Southeast Asia since mid-2022.

The group utilizes a powerful backdoor called Merdoor, which has been in use since 2018 and is assessed to be used for intelligence gathering. The attackers also have access to an updated version of the ZXShell rootkit.

The initial intrusion vector used by Lancefly is not clear, but it is suspected to involve phishing lures, SSH brute-forcing, or exploiting internet-exposed servers.

The attack chains lead to the deployment of ZXShell and Merdoor, enabling communication with an actor-controlled server for further commands and keystroke logging. ZXShell, previously linked to Chinese actors, is a rootkit known for harvesting sensitive data.

The ZXShell rootkit used by Lancefly appears to be a smaller-sized version with additional functions, including targeting antivirus software to disable it. The rootkit is signed by the certificate “Wemade Entertainment Co. Ltd,” associated with APT41 (Winnti) in the past. Lancefly’s intrusions also involve the use of PlugX and ShadowPad, modular malware platforms associated with Chinese state-sponsored actors.

Despite the attribution challenges, the Lancefly group has maintained a low-profile approach, selectively deploying the Merdoor backdoor in a small number of targeted attacks. The group’s cautious use of the tool suggests a desire to stay under the radar.

Symantec, tracking the activity, continues to monitor and analyze the campaign to better understand its objectives and potential impact.

Reference:
  • Lancefly: Group Uses Custom Backdoor to Target Orgs in Government, Aviation, Other Sectors
Tags: AviationBackdoorCyber AlertCyber Alerts 2023CyberattackEducationGovernmentLanceflyMalwareMay 2023MerdoorTelecommunications
ADVERTISEMENT

Related Posts

Smishing targets routers in Belgium 2025

Smishing targets routers in Belgium 2025

October 2, 2025
Smishing targets routers in Belgium 2025

Outlook Bug Causes Repeated Crashes

October 2, 2025
Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

October 2, 2025
Microsoft Sentinel Unveils AI SIEM

Apple Pushes iPhone and Mac Updates

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

Tesla Fixes TCU Bug With USB Risk

October 1, 2025
Microsoft Sentinel Unveils AI SIEM

EvilAI Malware Posing As AI Tools

October 1, 2025

Latest Alerts

Outlook Bug Causes Repeated Crashes

Smishing targets routers in Belgium 2025

MatrixPDF Toolkit Turns PDFs Into Lures

Tesla Fixes TCU Bug With USB Risk

Apple Pushes iPhone and Mac Updates

EvilAI Malware Posing As AI Tools

Subscribe to our newsletter

    Latest Incidents

    Allianz Life July Breach Hits 1.5M

    Dealership Software Breach Hits 766k

    Suffolk Website Down After Cyber-Attack

    WestJet Confirms Data Breach

    Ransomware Gang Recruits Reporter

    US Surveillance Hack Exposes Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial