As an open-source tool, it has been used by several state-backed espionage actors like the Iranian APT33 and APT35 groups, as those tools make attribution and persistent operation harder to track.