216.73.216.169

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns

· Published 22/05/2026 19:33 · Modified 25/05/2026 09:52

Export JSON

Essential information

Published
22/05/2026 19:33
Modified
25/05/2026 09:52
Source / Author
AlienVault
Confidence
100/100
Report type(s)
threat-report
Labels / Tags
appdomainmanager hijacking iran nexus minijunk v2 screening serpens
Tags
2026-05-22 appdomainmanager hijacking iran-nexus minijunk v2 screening serpens
Related entities
13 indicators, 13 observables, 1 intrusion sets (apt), 20 techniques (mitre), 4 malware, 8 others

Description

Unit 42 researchers identified six new remote access Trojan variants deployed by APT group between February and April 2026, coinciding with a regional conflict starting February 28, 2026. The group targeted entities in the U.S., Israel, UAE, and other Middle Eastern locations, primarily focusing on technology sector professionals through highly tailored social engineering using personalized recruitment lures. Two new malware families, MiniUpdate and , were discovered featuring advanced techniques including that manipulates .NET application initialization to disable security mechanisms. The campaigns demonstrated increased technical capabilities and operational resilience, with each variant using dedicated C2 infrastructure hosted on Azure. The attacks leveraged DLL sideloading, scheduled tasks for persistence, and sophisticated evasion techniques to maintain long-term access for espionage purposes.

External references