Cactus, the mischief-makers, used these vulnerabilities as a backstage pass into corporate networks where Qlik Sense was hanging out, all unpatched and vulnerable. They got the Qlik Sense Scheduler service to kick off new processes, and then they pulled out the big guns—PowerShell and the Background Intelligent Transfer Service (BITS)—to download remote access software like AnyDesk.
