The attack, which has been nicknamed FritzFrog, relied on weak passwords to break into systems. The attackers acted with sophistication and left no traces on the compromised servers, so it was very hard to identify them. Guardicore published instructions for security personnel so they can check whether their systems were infected by the new malware and, if so, clean the servers.
Harpaz discovered that the attackers turned the systems they took control of into a "peer network" that served as a malicious force multiplier. They started using the servers that they took over for mining cryptocurrency, but apparently that wasn't their main goal. Rather, the goal was to prepare the infrastructure of the infected computers in order to schedule a much larger attack, or to sell the opportunity to a different entity. They also tried to breach governmental institutions in Europe and the US, but in this case their attempts failed.
Guardicore, which was established by Dror Sal'ee, Pavel Gurvich and Ariel Zeitlin, develops protection software for corporate cloud networks and internal servers. The software is operating successfully in hundreds of companies in the financial, e-commerce, and technology fields, as well as in educational organizations. The company, which has raised $110 million, employs 190 workers in Israel, the US, Canada, Brazil, India, Mexico, Western Europe and Ukraine.