Two common models for this punch in of actor are access-as-a-service and hack-for-hire.
MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks.
The exploits were packaged into a PDF document that was sent to the victim via email.
source: www.techworm.net
