Trend Micro links ongoing attacks, with moderate confidence, to the Iranian hacker group MuddyWater. The targets of the new wave of attacks are mainly organizations located in Azerbaijan, Bahrain, Israel, Saudi Arabia, and the UAE. According to Trend Micro, “Earth Vetala” is said to have leveraged spear-phishing emails containing embedded links to a file-sharing service called Onehub to distribute malware that ranged from password dumping utilities to custom backdoors, before initiating communications with a command-and-control (C2) server.
Source: https://thehackernews.com/2021/03/iranian-hackers-using-remote-utilities.html