See the attached report for additional details.
Note that these attacks are not new and we have been observing this activity since 2014. Some indicators were associated with SWIFT activity and we note that there is some overlap with other campaigns.
Iran reuses servers associated with SWIFT attacks and continued phishing activity