Iranian hackers have been active since at least 2017 and are being tracked as Pioneer Kitten by cyber-security firm Crowdstrike. CrowdStrike says that the group is “a contract element operating in support of the Iranian government”” The hackers are known for exploiting vulnerabilities in Internet-exposed Fortinet
Source: Palo Alto Networks VPN (CVE-2019-1579) appliances to gain access to companies’ corporate and industrial networks. Their attacks are mostly focused on technology