216.73.217.139

Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict

· Published 25/05/2026 10:09 · Modified 25/05/2026 10:21

Export JSON

Essential information

Published
25/05/2026 10:09
Modified
25/05/2026 10:21
Tags
2026-05-25 appdomain hijacking minifast minijunk nimbus manticore operation epic fury seo poisoning
Related entities
27 observables, 1 intrusion sets (apt), 20 techniques (mitre), 2 malware, 13 others

Description

The Iranian IRGC-affiliated threat actor launched sophisticated cyber operations during , the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed techniques and introduced , a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.

External references