2/2
How they get in: exploiting internet-facing apps (Exchange, SharePoint, Openfire) and droppers disguised as Google Update or Cisco AnyConnect installers, some hidden behind PDF lures.
"Adversaries combine readily available attack tools with custom malware and advanced evasion." — Fareed Radzi, Kaspersky GReAT