With upcoming American sanctions on Iran in November, the regime has been targeting energy firms and other businesses in the Middle East, according to a U.S. cybersecurity firm on Tuesday.

According to FireEye, an Iranian “spear-phishing” email initiative has involved hackers stealing material from computers, using malware similar to that which was once used to infect a program that destroyed tens of thousands of Saudi Arabian terminals.

The cybersecurity company referred to the Iranian hackers as “APT33,” an acronym for “advanced persistent threat.”

APT33 used phishing email attacks with pretend job opportunities to “gain access to the companies affected, faking domain names to make the messages look legitimate. Analysts described the emails as ‘spear-phishing’ as they appear targeted in nature,” wrote the Associated Press.

“Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack,” Alister Shepherd, a director for a FireEye subsidiary, told the Associated Press.

This development comes as FireEye warned last month of an Iranian misinformation campaign on Facebook, YouTube and Twitter.