VERY IMPORTANT

In our most recent post, "iKittens: Iranian Actor Resurfaces with Malware for Mac," the inadvertent disclosure of macOS Keychains from a malware test machine recalled a long dormant group through references to an alias "mb_1986" (a hacker named Mojtaba Borhani that we have tracked since at least April 2013). The overlap speaks to a more generalizable theme: the ecosystem of Iranian actors is chaotic and ever-changing, making disambiguating different campaigns and groups a troublesome process. The reference to Mojtaba isn’t the only call back to previous groups that we have come across in our time monitoring Iranian actors.