Trend Micro cybersecurity experts: The vehicle is the PrivateLoader pay-per-install (PPI) distribution service. The final payload is a multifunction RAT.
ESET cybersecurity experts: The China-linked APT exploits the Korplug malware variant with decoy documents on Russia’s invasion of Ukraine and COVID-19.
Cisco Talos cybersecurity experts: The attacker, a single actor, deploys a variety of malware, such as DcRAT and QuasarRAT, via diplomatic and humanitarian lures.