Relevant CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774
EDIT: A writeup from FireEye on this family of attacks back in December is supposedly still relevant: https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html
Relevant CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11774
EDIT: A writeup from FireEye on this family of attacks back in December is supposedly still relevant: https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html