Cybersecurity researchers have recently discovered a new group of threat actors known as Lancefly, who have been actively targeting government, aviation, education, and telecoms organizations. Symantec, in its latest report, revealed that Lancefly employs a custom-made malware called Merdoor, which has been in circulation since at least 2018. While previous campaigns featuring Merdoor were observed in 2020 and 2021, the current campaign began in mid-2022 and has continued into 2023.
