The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.
https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/
US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools.
https://threatpost.com/us-military-ties-muddywater-cyberespionage-apt-iran/177633/