Trend Micro has found traces of APT33 operations, with about a dozen Command and Control servers being used for extremely narrow targeting. The malware campaigns were directed against organizations in the Middle East, the US and Asia. Trend Micro thinks that using this many servers — organized into a botnet — is needed to gain persistence after deployment within the networks of selected targets. The group is also doing some other kinds of big-time hiding, with the group using its own virtual private network (VPN)”]
Source: https://www.darkreading.com/abtv/iran-rustles-up-its-own-vpn-to-hide-itself/a/d-id/755706