The Microsoft Threat Intelligence Center (MSTIC) has presented an analysis of the evolution of several Iranian threat actors at the CyberWarCon 2021, and their findings show increasingly sophisticated attacks.
Since September 2020, Microsoft has been tracking six Iranian hacking groups deploying ransomware and exfiltrating data to cause disruption and destruction for victims.
Over time, these hacking groups have evolved into competent threat actors capable of conducting cyber-espionage, using multi-platform malware, disrupting operations with wipers and ransomware, carrying out phishing and password spraying attacks, and even setting up sophisticated supply chain operations.