
Nimbus Manticore Deploys New Malware Targeting Europe

· Published 22/09/2025 21:38 · Modified 22/09/2025 22:40

Essential information

Tags
2025-09-22, apt, dll sideloading, obfuscation, spear-phishing, telecommunications
Related entities
81 observables, 18 techniques (mitre), 4 others

Description

The Iranian threat actor Nimbus Manticore has expanded its operations, targeting the defense, telecommunications, and aviation sectors in Western Europe. The group uses sophisticated techniques, impersonating HR recruiters to lure victims to fake career portals. Its toolset includes the MiniJunk backdoor and the MiniBrowse stealer, which have evolved to employ advanced evasion techniques such as multi-stage DLL sideloading, heavy obfuscation, and code signing. The malware infrastructure leverages Azure App Services for resilient command and control. Nimbus Manticore's recent activities demonstrate an increased focus on stealth and operational security, and an expansion of its targeting to align with Iranian strategic priorities.

External references