SloppyLemming Targets Pakistan and Bangladesh with Malware Campaign

The threat group known as SloppyLemming conducted attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh between January 2025 and January 2026. The campaign employed two distinct attack chains to deploy malware families identified as BurrowShell and a Rust-based variant. Arctic Wolf attributed the activity to this cluster, though no specific technical indicators, CVE IDs, or detailed impacts were disclosed in the reported findings.