The cyber-espionage campaign is said to have targeted companies in the IT, telecommunications, oil and gas, aviation, government, and security sectors. The primary attack vector attributed to the Iranian groups behind it was the exploitation of unpatched VPN vulnerabilities to gain a foothold in, and steal information from, the target organisations. Once inside, the attackers used web shells to communicate with servers located in the victim's network and to upload files directly to a command-and-control (C2) server. The backdoor itself was downloaded in chunks, so that no single download carried the complete payload that antivirus software on the infected hosts could match. The practical lessons are that internet-facing VPN appliances need the same patch cadence as any other edge device, and that servers reachable from them should be checked for unexpected script files receiving requests.
Source: https://thehackernews.com/2020/02/iranian-hackers-vpn-vulnerabilities.html
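As an added example, not code from the article or from the campaign it describes, the following Python script shows how a defender might hunt for the two post-exploitation behaviours summarised above in ordinary web-server and proxy logs: a script path receiving repeated referer-less POSTs from one client (a common web-shell signature), and one internal host pulling a run of small, sequentially numbered files from a single external directory (a chunked backdoor download). The log lines are constructed, and the Combined Log Format layout, file names, IP addresses and thresholds are all assumptions; none of them are indicators from the real campaign.

```python
"""Added example: heuristics for web-shell access and chunked payload retrieval
over constructed web-server / proxy log lines. Not code from the source article."""
import re
from collections import defaultdict

# Combined Log Format (Apache/nginx style). The field layout is an assumption;
# adapt the regex to whatever your servers and proxies actually emit.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines: an internal web server plus outbound proxy entries.
# Addresses are documentation/TEST-NET ranges; nothing here is real traffic.
SAMPLE_LOG = """\
203.0.113.9 - - [10/Feb/2020:09:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "https://intranet.example/" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2020:09:12:44 +0000] "POST /images/upload.aspx HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2020:09:13:02 +0000] "POST /images/upload.aspx HTTP/1.1" 200 287 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Feb/2020:09:13:40 +0000] "POST /images/upload.aspx HTTP/1.1" 200 912 "-" "Mozilla/5.0"
10.0.0.22 - - [10/Feb/2020:09:15:10 +0000] "GET http://203.0.113.77/u/p01.bin HTTP/1.1" 200 32768 "-" "curl/7.58.0"
10.0.0.22 - - [10/Feb/2020:09:15:11 +0000] "GET http://203.0.113.77/u/p02.bin HTTP/1.1" 200 32768 "-" "curl/7.58.0"
10.0.0.22 - - [10/Feb/2020:09:15:12 +0000] "GET http://203.0.113.77/u/p03.bin HTTP/1.1" 200 32768 "-" "curl/7.58.0"
10.0.0.22 - - [10/Feb/2020:09:15:13 +0000] "GET http://203.0.113.77/u/p04.bin HTTP/1.1" 200 32768 "-" "curl/7.58.0"
10.0.0.22 - - [10/Feb/2020:09:15:14 +0000] "GET http://203.0.113.77/u/p05.bin HTTP/1.1" 200 9100 "-" "curl/7.58.0"
10.0.0.31 - - [10/Feb/2020:09:20:00 +0000] "GET http://cdn.example/app.css HTTP/1.1" 200 2048 "https://app.example/" "Mozilla/5.0"
10.0.0.31 - - [10/Feb/2020:09:20:01 +0000] "POST /api/login HTTP/1.1" 200 120 "https://app.example/login" "Mozilla/5.0"
"""


def parse(text):
    """Parse log text into a list of dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"]) if rec["size"] != "-" else 0
            records.append(rec)
    return records


# Server-side script extensions a dropped web shell is likely to use (assumption).
SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".asmx", ".php", ".jsp")


def find_webshell_candidates(records, min_posts=3):
    """Return sorted (ip, path) pairs where one client repeatedly POSTs to a
    script without a Referer. Browser form posts normally carry a referer;
    a web-shell operator's client usually does not."""
    counts = defaultdict(int)
    for r in records:
        if (r["method"] == "POST" and r["path"].lower().endswith(SCRIPT_EXT)
                and r["referer"] in ("", "-")):
            counts[(r["ip"], r["path"])] += 1
    return sorted(k for k, n in counts.items() if n >= min_posts)


# Splits a file name like "p01.bin" into prefix "p", number "01", suffix ".bin".
CHUNK_RE = re.compile(r"^(?P<prefix>.*?)(?P<num>\d+)(?P<suffix>\.[A-Za-z0-9]+)?$")


def find_chunked_downloads(records, min_chunks=4, max_chunk_bytes=65536):
    """Return one dict per (client, directory, name pattern) where the client
    successfully fetched at least min_chunks small, consecutively numbered files.
    Repeated fetches of the same chunk (retries) are collapsed so they do not
    break the sequence check."""
    groups = defaultdict(list)
    for r in records:
        if r["method"] != "GET" or r["status"] != "200" or r["size"] > max_chunk_bytes:
            continue
        directory, _, name = r["path"].rpartition("/")
        m = CHUNK_RE.match(name)
        if not m:
            continue
        key = (r["ip"], directory, m.group("prefix"), m.group("suffix") or "")
        groups[key].append((int(m.group("num")), r["size"]))
    hits = []
    for (client, directory, prefix, suffix), entries in groups.items():
        nums = sorted({n for n, _ in entries})
        consecutive = all(b - a == 1 for a, b in zip(nums, nums[1:]))
        if len(nums) >= min_chunks and consecutive:
            hits.append({
                "client": client,
                "directory": directory,
                "pattern": f"{prefix}<n>{suffix}",
                "chunks": len(nums),
                "total_bytes": sum(size for _, size in entries),
            })
    return hits


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for ip, path in find_webshell_candidates(recs):
        print(f"web-shell candidate: {ip} -> {path}")
    for h in find_chunked_downloads(recs):
        print(f"chunked download: {h['client']} pulled {h['chunks']} chunks "
              f"({h['total_bytes']} bytes) of {h['pattern']} from {h['directory']}")
```

Both heuristics are starting points rather than signatures: the thresholds (`min_posts`, `min_chunks`, `max_chunk_bytes`) and the script-extension list will need tuning per environment, and a hit on either should be confirmed by inspecting the script file on disk and the reassembled bytes rather than treated as a verdict on its own.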

