Kaspersky researchers first became aware of this campaign when they were called in to assist with incident response, and they discovered that the organisation had fallen victim to a custom backdoor (a type of malware that allows complete remote control over the device). Dubbed ThreatNeedle, this backdoor moves laterally through infected networks and extracts confidential information. So far, organisations in more than a dozen countries have been affected. Advertisement Initial infection occurs through spear-phishing; targets receive emails that contain either a malicious Word attachment or a link to one hosted on company servers. Oftentimes, the emails claimed to have urgent updates related to the pandemic and came, supposedly, from a respected medical center.