"Lancefly APT Uses Powerful Merdoor Backdoor in Attacks on Asian Orgs"

Symantec researchers have reported that the Lancefly Advanced Persistent Threat (APT) group is now using a custom-written backdoor called Merdoor in ongoing attacks against South and Southeast Asian organizations. The attacks target government, aviation, education, and telecommunications organizations. The intelligence-gathering campaign emerged in mid-2022 and is still ongoing. Merdoor is a fully featured backdoor with multiple capabilities, such as installing itself as a service and keylogging. It can communicate with its command-and-control (C2) server over several protocols (HTTP, HTTPS, DNS, UDP, and TCP) and can also listen for commands on a local port. The only difference between the instances of Merdoor examined by the researchers is the embedded, encrypted configuration, which specifies the C2 communication mechanism, service details, and installation directory. This article continues to discuss the Lancefly APT group's use of the powerful custom backdoor Merdoor in attacks against organizations.

Security Affairs reports "Lancefly APT Uses Powerful Merdoor Backdoor in Attacks on Asian Orgs"
