ESET research on Twitter: "In one of the targeted organizations, the wiper was dropped via the default (domain policy) GPO meaning that attackers had likely taken control of the Active Directory server. 5/n" / Twitter
https://twitter.com/ESETresearch/status/1496581914769207298