An Iran-linked threat actor is using an adaptable modular command-and-control framework in cyberattacks. It compromised IT service providers to reach high-value targets primarily in Israel.