I'm also unimpressed by the lack of detail on who CyLance are, both here and on Ars. Both stories seem little more than an uncritical precise of CyLance's allegations.
We're supposed to believe that this white hat organisation can follow everything that these hackers are doing, including acquiring the source they use at their home base. I can see backtracking an individual intrusion is possible with cooperation from the targeted organisation, but to trace all these intrusions they would need either global network access or to have owned 'Cleaver's network.
Similarly, how can CyLance by manipulating DNS on third party networks unless they're pretty black themselves, or did all these hacked organisations around the world happen to pick the same obscure company to investigate these intrusions they didn't know about.
The only organisations I would suspect of being able to do this level of monitoring, are exactly the ones mostly likely to be doing a false flag operation with Iran as the target.