Microsoft published an interesting post about how their detection and response team, known as DART, was engaged by the Albanian government to lead an investigation into a series of attacks. They identified four different Iranian threat actors that leveraged ransomware and wiper malware, exfiltrated data, and did other nasty things. This post provides the forensic details of each attack, including how the evidence was established that led to attributing the threat actors to Iran, as well as details about the tactics, techniques, and procedures (TTPs) used. It's worth the read to see how such an investigation is handled as details unfold for the researchers.
That post can be found HERE.