Nimbus Manticore, an Iranian APT also known as Bohrium, Smoke Sandstorm, TA455, and UNC1549, has updated its phishing and payload delivery methods to target aviation and software companies. The group shifted to AppDomain hijacking, deployed new backdoors like MiniJunk and MiniFast, and expanded its focus toward US-based organizations amid heightened geopolitical tensions.

#NimbusManticore #Bohrium #SmokeSandstorm #TA455 #UNC1549 #MiniJunk #MiniFast #CharmingKitten #APT35 #IRGC
Key points
- Nimbus Manticore is an Iranian APT active since at least 2022.
- The group is linked to Charming Kitten and the IRGC.
- It replaced DLL sideloading with AppDomain hijacking in recent campaigns.
- New intrusions used fake job lures and trojanized installers to deliver MiniJunk and MiniFast.
- The group has expanded targeting from the Middle East and Europe to US organizations.
Read More: https://www.securityweek.com/iranian-apt-targets-aviation-software-companies-with-updated-tools/