CyberWisdom aggregated three articles covering a similar story: researchers report that a threat actor, assessed to be the Iranian APT groups APT34 and/or possibly APT33, is behind exploitation of the memory corruption vulnerability CVE-2017-11882. The actor deploys the PowerShell-based backdoor POWRUNER as well as BONDUPDATER, a downloader with domain generation algorithm (DGA) functionality. Furthermore, APT34 leveraged the recent Microsoft Office