Spear-phishing emails may have been leveraged by APT41 to infiltrate targeted network infrastructure, which would then be deployed with a DCSync attack that enables password hash exfiltration.
Article Link: Gambling sector subjected to APT41 intrusions | SC Media