The investigation into the incident, which may have been caused by a successful phishing attack, is still underway, officials reported, adding that recovery of the impacted law enforcement systems is being prioritized.
Such a vulnerability stems from impacted devices' usage of an American Megatrends International-generated Platform Key with the "DO NOT TRUST" tag that the vendors should have replaced, according to a report from the Binarly Research Team.
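A defender-side check for the platform-key problem described above, added here as an example and not taken from the Binarly report or any vendor tool: it parses the EFI_SIGNATURE_LIST stored in the UEFI PK variable (on Linux, exposed through efivarfs with a 4-byte attribute prefix) and flags any X.509 entry whose DER bytes carry the "DO NOT TRUST" marker. The certificate bytes in the sample are constructed stand-ins, not real DER; the efivarfs path and the helper names are this example's assumptions.

```python
import struct
import uuid
from pathlib import Path

# EFI_CERT_X509_GUID marks signature lists whose entries are DER-encoded X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Marker found in the subject of the AMI test Platform Key that vendors were expected to replace.
UNTRUSTED_MARKER = b"DO NOT TRUST"
# PK lives under EFI_GLOBAL_VARIABLE; efivarfs stores 4 attribute bytes before the data (assumed path).
PK_EFIVARS_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
SIGLIST_HEADER = 28  # SignatureType GUID (16) + ListSize (4) + HeaderSize (4) + SignatureSize (4)


def parse_signature_lists(data: bytes):
    """Split a raw blob of EFI_SIGNATURE_LISTs into (signature_type, owner_guid, signature_data)."""
    entries, off = [], 0
    while off + SIGLIST_HEADER <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < SIGLIST_HEADER or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + SIGLIST_HEADER + hdr_size, off + list_size
        while pos + sig_size <= end:  # each entry: SignatureOwner GUID (16) + SignatureData
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((sig_type, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def find_untrusted_pk(data: bytes) -> bool:
    """True if any X.509 entry in the PK blob contains the 'DO NOT TRUST' marker."""
    return any(sig_type == EFI_CERT_X509_GUID and UNTRUSTED_MARKER in sig
               for sig_type, _, sig in parse_signature_lists(data))


def read_pk_variable(path: str = PK_EFIVARS_PATH) -> bytes:
    """Read the PK variable from efivarfs and strip the 4-byte attribute prefix."""
    return Path(path).read_bytes()[4:]


def build_signature_list(cert_der: bytes, owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Construct a single-entry X.509 EFI_SIGNATURE_LIST (used here to build test input)."""
    sig_size = 16 + len(cert_der)
    return (EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", SIGLIST_HEADER + sig_size, 0, sig_size)
            + owner.bytes_le + cert_der)


if __name__ == "__main__":
    # Constructed sample: not real DER, just bytes shaped like a cert carrying the test-key marker.
    sample = build_signature_list(b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - sample PK")
    print("untrusted PK present:", find_untrusted_pk(sample))
```

On a live system, replace the constructed sample with `find_untrusted_pk(read_pk_variable())`, which needs read access to efivarfs.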
Information exposed by the hacking incident revealed not only all devices infected with Spytech spyware, most of which were Windows PCs, but also their unencrypted activity logs.
Identification of the critical arbitrary code execution bugs, tracked as CVE-2024-4879 and CVE-2024-5217, as well as the medium severity flaw, tracked as CVE-2024-5178, has been followed by widespread network scanning for vulnerable instances.
Intrusions involved the use of the domain crowdstrike-office365[.]com to lure users into downloading a purported recovery tool for the update-related boot loop issues, which instead delivers a malware loader.