Artist for hire
If I udnerstand correctly ImageTragick was patched upstream 30th April. Dragoneer said:A question for Dragoneer regarding the ImageTragick exploit
So it took them five days to patch it. That was more than enough time for the attackers to steal the source.Somebody got the source code through the ImageTragick exploit (which we patched on May 5th)
So if the above is true, in this attack it wasn't ImageTragick, but some exploit they found in FA's code. Which is reasonable since we know the code is very bad and old - as an ex FA developer said, a "clusterfuck".