> This was the exact same technique that was used in 2021 by Audacity's update mechanism, which also redirected traffic to servers hosted in other Aeza Group ASNs and planted a dropper for later campaigns.

I can't find anything about this, can you link a source?