Initial reports indicated that someone had been exploiting the flaw for approximately a month before its discovery, but the identity of the attacker and their targets remained undisclosed.
While initial assessments suggested that up to 80,000 endpoints were vulnerable, the number decreased over the following weekend to a few hundred. Cybersecurity experts from For-IT reported that the malicious code on thousands of devices had been modified to check for an Authorization HTTP header value before responding. A different analysis method revealed that nearly 40,000 devices were compromised.