Multiple malicious installers were delivering the same Purple Fox rootkit version using the same attack chain, possibly distributed via email or phishing sites.
https://threatpost.com/purple-fox-rootkit-telegram-installers/177330/
Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet
-
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
https://threatpost.com/sandworm-asus-routers-cyclops-blink-botnet/178986/