Lyceum is targeting ISPs and telecommunication operators in Israel, Tunisia, Morocco, and Saudi Arabia. It also attacked a ministry of foreign affairs in Africa. Lyceum uses credential stuffing and brute-force techniques as initial attack vectors. Since its launch, the group has tried and stayed ahead of defensive systems, making it a potential threat.