BabyShark Malware Using MSC Files
2024-08-28 • Hauri • Malware analysis report
https://hauri.co.kr/security/security_view.html?intSeq=68&page=1&keyfield=&key=
Hauri describes the BabyShark campaign as active since 2018 and continuing through recent activity. According to the excerpt, earlier BabyShark activity used HWP files with OLE objects along with BAT and VBS files, while newer activity shifted techniques to evade security products. The reported changes include the use of MSC (Microsoft Management Console) files and execution through VbsEdit's Launcher instead of the default Windows VBScript hosts, wscript.exe and cscript.exe. The evidence the excerpt supports is limited to the campaign's evolution and execution methods, but it highlights detection-relevant changes in BabyShark tradecraft: MSC files and alternate script launch paths.