Lancefly

Description

(Symantec) The Lancefly advanced persistent threat (APT) group is using a custom-written backdoor in attacks targeting organizations in South and Southeast Asia, in activity that has been ongoing for several years.

Lancefly may have some links to previously known groups, but these are low confidence, which led researchers at Symantec, by Broadcom Software, to classify this activity under a new group name.

Lancefly’s custom malware, which we have dubbed Merdoor, is a powerful backdoor that appears to have existed since 2018. Symantec researchers observed it being used in some activity in 2020 and 2021, as well as this more recent campaign, which continued into the first quarter of 2023. The motivation behind both these campaigns is believed to be intelligence gathering.

Names

Name      Name-Giver
Lancefly  Symantec

Country

Motivation

  • Information theft and espionage

First Seen

2018

Observed Sectors

Observed Countries

Tools

Information

Other Information

Uuid

afabb609-17a9-4c1f-b288-0500ed42ec51

Last Card Change

2023-06-21