Sophos analyses STAC6405, a phishing campaign that used invite-themed lures to trick users into installing LogMeIn Resolve for remote access. In some cases, the actor then used both existing and newly deployed ScreenConnect instances to pull additional binaries, including an infostealer. https://www.sophos.com/en-us/blog/incident-responders-s-il-vous-plait