Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
EXECUTIVE SUMMARY
Iranian Hackers Launch New Phishing Campaign with MiniFast and MiniJunk V2
Summary
The article discusses a new campaign by the Iranian state-sponsored group Nimbus Manticore, which is deploying malware named MiniFast and MiniJunk V2. The campaign targets organizations in the aviation and software sectors across the U.S., Europe, and the Middle East.
Key Points
- The threat actor involved is known as Nimbus Manticore, also referred to as Screening Serpens and UNC1549.
- The campaign uses phishing and SEO poisoning techniques to deliver malware.
- The targeted sectors include the aviation and software industries.
- The campaign follows a joint U.S.-Israeli military operation against Iran in late February 2026.
Analysis
This campaign highlights the persistent threat posed by state-sponsored cyber actors, particularly those from Iran. The use of phishing and SEO poisoning indicates a sophisticated approach to compromising targeted organizations. The focus on the aviation and software sectors suggests an interest in critical infrastructure and technological assets, which could have significant geopolitical implications.
Conclusion
IT professionals should enhance their organization's email security measures and educate employees on recognizing phishing attempts. Regularly updating security protocols and monitoring for unusual activity can help mitigate the risk posed by such advanced persistent threats.