Attackers used custom Python tools, Tor for obfuscation and log deletion techniques to evade detection. Palo Alto Networks revoked tokens, rotated credentials and disabled the Drift integration, ...