https://www.bleepingcomputer.com/news/security/iranian-hackers-attack-exposed-rdp-servers-to-deploy-dharma-ransomware/

Low-skilled hackers likely from Iran have joined the ransomware business targeting companies in Russia, India, China, and Japan. They are going after easy hits, using publicly available tools in their activity.

The new group is deploying Dharma ransomware. Based on forensic artifacts, this is a non-sophisticated, financially-motivated gang that is new to cybercrime.