An Iran-linked APT known as Chafer has been spotted targeting various entities based in Iran with an enhanced version of a custom malware that takes a unique approach to communication by using the Microsoft Background Intelligent Transfer Service (BITS) mechanism over HTTP. The victimology suggests the threat group is waging a cyber-espionage operation against diplomats there. In addition to the aforementioned salamati-language encryption being used as a human-readable Farsi-language key-readable encryption, the group added a new infection method to its toolkit.
Source: https://threatpost.com/chafer-iran-apt-malware/141420/