Sophisticated Malware Operated Stealthily for Five Years, Targeting Government Devices

The researchers noted that the specific infection vector for this campaign remains unclear. While Lancefly has previously relied on classic phishing techniques to distribute the backdoor, evidence in this instance suggests the attackers may have gained unauthorized access through SSH brute-forcing or by exploiting a load balancer. This adaptability in infection vectors showcases Lancefly’s sophistication.