Between January 2025 and January 2026, the India-nexus threat actor SloppyLemming conducted a cyber espionage campaign targeting government and critical infrastructure in Pakistan and Bangladesh. The campaign utilized PDF and Excel lures to deploy two custom implants—an in-memory shellcode backdoor named BurrowShell and a Rust-based keylogger—via DLL search order hijacking and extensive abuse of Cloudflare Workers infrastructure.