What also caught our attention is that members of this organization communicated via Onion.City so that they could visit domains in the Deep Web without the help of Tor browser. This has created an ideal invisible cloak for the hackers in the anonymous environment of Tor. In addition, our in-depth analysis prevails that this threat actor tried to fly false flags or mislead investigators by adopting the techniques and resources of other APT organizations that are already revealed to the world.