During an investigation into suspected Iranian threat group ITG18, researchers found various security errors made by the attackers that gave them an inside look into their TTPs.