The Iran-linked group tracked as APT33 uses obfuscated botnets for attacks aimed at high-value targets located in the United States, the Middle East, and Asia.
As part of these attacks, APT33 has used small botnets, each comprised of roughly a dozen bots (i.e. compromised machines on the victim’s network). Trend Micro says these bots are used to gain persistence on the network and the malware on these devices is basic — it allows attackers to download and run additional tools.
Read the full story here: https://www.securityweek.com/iranian-apt33-hackers-use-special-botnets-high-value-targets-us