Hackers used log poisoning and web shells to convert Nezha into a remote access tool targeting networks across East Asia.