ZDNet noted that a known Iran-backed hacking team, APT33, had used the same vulnerability in December to install back doors on servers and promptly push the flaw to Outlook users. Chronicle Security’s Brandon Levene also found that Cyber Command’s code samples appeared related to APT33’s disk-wiping Shamoon malware. Symantec had also warned of increased activity from the group in recent months.

If it’s Iran and not a more familiar perpetrator like Russia, it suggests that political tensions are translating directly to the digital realm. The US is believed to have knocked out Iranian missile and rocket systems with a cyberattack in late June, for instance. Although this Outlook campaign isn’t necessarily direct retaliation for the missile effort, it’s hard to imagine Iran doing nothing in response.