Military Times says the US cyber operations against Iran last week remain obscured by the "fog of war," as Iran denies the attacks had any effect, and some US officials say (on background) that yes, they did.
Refined Kitten, also known as Elfin or APT33, appears to have shifted its tactics after Symantec reported on the Iranian threat group's operations against Saudi targets. Recorded Future has observed the group shelving most of the domains it had used, and registering some 1200 new ones. About half of the newly-established domains are connected with StoneDrill, an upgraded Shamoon wiper.
Refined Kitten has shown an increased preference for commodity malware tools, especially remote-access Trojans. This is a sign of sophistication, not frugality or desperation: among other advantages, using commodity malware can render attribution murkier. APT33 also works through organizations operating outside the scope of their declared purposes, and the Nasr Institute, which Ars Technica describes as an organization that oversees Iran's computing and networking, seems to be one of Tehran's cyberattack crews.
Silex malware, which bricked large numbers of IoT devices until its command-and-control server went down yesterday afternoon, seems to be the work of three teenagers, Bleeping Computer reports, who glory in the noms-de-hack "Light The Leafon" (or "Light The Sylveon"), "Alx," and "Skiddy." Akamai looked at Silex and found that it worked against default passwords. The motive seems to have been a form of snobbery: the hackers wanted to preempt tiresome skids who would otherwise exploit poorly protected IoT devices for cash and bragging rights.