Attack chains mounted by the hacking crew entail the exploitation of known security flaws in Apache Log4j, SonicWall, and TerraMaster NAS appliances to gain initial access, followed by reconnaissance, lateral movement, and ransomware deployment.
Source: cyware.com