[..]
ONYPHE Founder & CTO Patrice Auffret told BleepingComputer that he believes the threat actors behind the attacks are deploying an update to hide their presence, thus causing the implants to be no longer seen in scans.
“For the second day in a row, we see the number of implants have drastically dropped in a short time (see screenshots attached). Basically, they appear to have been practically all rebooted (as the known implant doesn’t survive a reboot) or have been updated.”
“We believe it is the action from the original threat actor which is trying to fix an issue that should not have been there from the beginning. The fact that the implant was so easy to detect remotely was a mistake from their side.
“They are probably deploying an update to hide their presence.”
[..]