LilacSquid

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

LilacSquid is an APT actor targeting a variety of industries worldwide since at least 2021. They use tactics such as exploiting vulnerabilities and compromised RDP credentials to gain access to victim organizations. Their post-compromise activities involve deploying MeshAgent and a customized version of QuasarRAT known as PurpleInk to maintain control over infected systems. LilacSquid has been observed using tools like Secure Socket Funneling for data exfiltration.

References (1)

blog.talosintelligence.com - Lilacsquid

Metadata

ID:	685
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00