Nimbus Manticore Deploys New Malware Targeting Europe
Essential information
- Published: 22/09/2025 21:38
- Modified: 22/09/2025 22:40
- Tags: 2025-09-22 apt dll sideloading obfuscation spear-phishing telecommunications
- Related entities: 81 observables, 18 techniques (mitre), 4 others
Description
The Iranian threat actor Nimbus Manticore has expanded its operations, targeting the defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated spear-phishing techniques, impersonating HR recruiters to lure victims to fake career portals. Its toolset includes the MiniJunk backdoor and the MiniBrowse stealer, which have evolved to employ advanced evasion techniques such as multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate an increased focus on stealth and operational security, and an expansion of its targeting to align with Iranian strategic priorities.