Given an absence of even other vague data like 'exfiltrated data IP addresses were registered as Iranian' (not conclusive proof in itself given that the end devices could have been compromised) I'd say there is reason to be skeptical until they can provide more evidence.