Symantec is monitoring a new hacking group, called Lancefly, which has been attacking the government, aviation, education, and telecom sectors in South and Southeast Asia since mid-2022. The attacks use a powerful backdoor, known as Merdoor, and a rootkit, called ZXShell, to gather information. The initial intrusion vector is believed to involve phishing emails, SSH brute-forcing, or the exploitation of internet-exposed servers. Merdoor and ZXShell are linked to the Chinese actors APT17, APT27, and APT41, and the rootkit is signed by the certificate “Wemade Entertainment Co. Ltd”.
Source: Hackernews
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.