A new data theft campaign, attributed to an advanced persistent threat actor dubbed 'LilacSquid', has been active since at least 2021. The campaign targets diverse victims across various sectors in the United States, Europe, and Asia. It employs MeshAgent, an open-source remote management tool, and a customized version of QuasarRAT called 'PurpleInk' as primary implants after compromising vulnerable internet-facing application servers. LilacSquid leverages vulnerabilities and compromised RDP credentials to deploy tools like MeshAgent, SSF, PurpleInk, and two malware loaders called 'InkBox' and 'InkLoader' for establishing long-term access and data exfiltration.