>My guess is that a ransomware group is behind this.
My bet would be that they were after a crypto exchange(s) where they've already compromised some level of access and want to get deeper into the backend.
>Even if the backdoor had gone into production servers it would have been found fairly quickly if used at some scale.
I agree. Yes, it's possible the backdoor could've gone unnoticed for months/years, but I think the perp would've had to assume not.