The attackers used their access to install a never-before-seen payload that has been dubbed Chrysalis. Security firm Rapid 7 described it as a “custom, feature-rich backdoor.”