A cloud infrastructure provider in Iran found itself at the receiving end of a distributed denial-of-service (DDoS) attack through MTProxy servers that Telegram users in the country rely on to avoid government-enforced internet restrictions. The attack started on the morning of November 6 and subsided towards the end of the week. The company notes that these distributed attacks are different from what was seen before. They targeted Arvan Cloud edge servers, had no domain defined in the requests, traffic was recorded at layer two (data link) and did not use a common protocol.
Source: https://www.bleepingcomputer.com/news/security/telegram-mtproxy-servers-used-to-ddos-iranian-cloud-provider/