Check Point Research reveals that Nimbus Manticore, an Iranian state-aligned APT group, has increased its focus on Western European targets such as defense and aerospace companies since early 2025. The campaign employs sophisticated spear-phishing, custom malware, and stealth techniques to evade detection and gather intelligence. #NimbusManticore #UNC1549 #IranianDreamJob
Key points
- Nimbus Manticore is linked to Iranian state-sponsored cyber operations and overlaps with other threat groups like UNC1549 and Smoke Sandstorm.
- The group uses highly targeted spear-phishing campaigns with fake aerospace and defense career portals to infect victims.
- Malware delivery abuses API functions and legitimate Windows binaries, and relies on stealth techniques such as DLL sideloading and code obfuscation.
- The MiniJunk backdoor and the MiniBrowse stealer are used for persistent access and data exfiltration, with advanced obfuscation and evasion tactics.
- Recent activities indicate a strategic shift toward European targets, with sophisticated malware designed to evade standard detection methods.
Read More: https://securityonline.info/iranian-apt-nimbus-manticore-intensifies-cyber-espionage-in-europe/