APT34/OilRig and APT33/Elfin appear to be linked to the Fox Kitten campaign, researchers say. The campaign has used a range of tools, including some based on open-source code and some custom weapons. The initial infection vector has been the exploitation of recently disclosed vulnerabilities in VPN services such as Pulse Secure VPN, Fortinet VPN and GlobalProtect by Palo Alto Networks. The attackers tailored their custom tools to match the operating systems at target organizations, the researchers noted.
Source: https://threatpost.com/iranian-apts-fox-kitten-global-spy-campaign/152974/