same threat group hit filezilla last month with a fake domain. this time they didn't even need a fake domain, they compromised the real one's api layer. the attack is evolving from 'trick users into visiting the wrong site' to 'make the right site serve the wrong file.'