I found these references to Mullvad and TeamPCP

>The whole operation ran primarily from Mullvad VPN exit nodes and virtual private server infrastructure, with little effort made to blend in. This was a high-tempo, low-stealth campaign designed to extract as much value as possible, as fast as possible.[1]

>Wiz CIRT observed the bulk of TeamPCP’s activity originating from Mullvad Virtual Private Network (VPN) exit nodes and virtual private server hosts such as InterServer.[2]

1: https://www.oligo.security/blog/teampcp-campaign-the-evoluti...

2: https://www.wiz.io/blog/tracking-teampcp-investigating-post-...

oopsie, has someone burned their proprietary intel for internet points?