Deobfuscating a Dropper for a ZLoader Trojan Variant
Regarding this article, https://www.secplicity.org/2021/04/01/deobfuscating-a-dropper-for-a-zloader-trojan-variant/, was the person who received the initial email SUPPOSED to be able to receive suspicious emails, or was this person just a general user at WatchGuard? The reason I ask is that no general user should be receiving emails with attached VBS files. Your article even notes, "Enable or implement e-mail filtering for malicious message bodies and attachments, with an emphasis on attachments."
WHY did this person even receive this email? What if they fell for it? Would WatchGuard be the next company in the news about a massive breach, putting all of us and our clients at risk?