The cyberattackers are using the “Deadglyph” custom spyware, whose full capabilities have not yet been uncovered.