A single aviation organization was infiltrated by the hackers using vulnerabilities on internet-facing devices.

APT 41 is known for its gaming, telecommunications, healthcare, and education targets — but this blows its past campaigns out of the water.

Keyloggers often use email, rather than C2 servers, to exfiltrate data. Cofense says a huge chunk of that is done using Zoho servers.