Iran’s nation-state hacking machine mostly is known for its destructive cyberattacks. But Iran increasingly is increasingly honing its operations in pure intelligence-gathering cyber espionage. US intelligence officials see Iran as one of the biggest cyber threats to the US in the next year. APT39/Chafer operates as an old-fashioned cyber espionage operation, but with advanced stealthy tactics and tools to meet its objectives. The group uses legitimate hacking tools such as Windows Credential Editor, which makes the group difficult to detect.”]
Source: https://www.darkreading.com/attacks-breaches/iran-ups-its-traditional-cyber-espionage-tradecraft