Symantec researchers have found a novel technique used by Cranefly hackers to install new malware named Trojan.Danfuan and other tools. This technique 'reads commands from seemingly innocuous Internet Information Services (IIS) logs'. Mandiant found in May 2022 that that the hacker group had targeted corporate emails that contained information regarding corporate development, mergers and acquisitions, and large corporate transactions. Symantec researchers stated that the new technique used by hackers hides the traces of activity on victims' machines, and so they were unable to see exfoliated data. However, the tools deployed to conceal the activity indicate that 'the most likely motivation for this group is intelligence gathering'.