Is BlackBostle Trying to Hit Replay?

A couple of servers that did have to be restored from backup. We then started monitoring, we figured that BlackBostle would probably try their hand again at the phishing campaign which I believe we saw happen. What it did allow our team to do was then do some deeper dives into the threat actor. Obviously, we're only seeing the data X-Fill side of it, but we could see some things, for instance, from our research and looking at it,. It looks like they used purpose-built hardware that they read out from different ISPs.