The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Nimbus Manticore’s Evolving Cyberespionage Campaign

Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing

0 Comments

Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse

Executive Summary

Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.

Read More

Charon Ransomware Targets Middle East

Aug 18, 2025 1:56:06 PM / by The Hivemind posted in Threat Bulletin, Emerging Threat, Charon ransomware, Earth Baxia, APT techniques, process injection, anti-EDR, DLL sideloading, Middle East cyber attacks, public sector malware, aviation industry threats, ransomware defense

0 Comments

Verticals Targeted: Public Sector, Aviation
Regions Targeted: Middle East
Related Families: None

Executive Summary

Charon is a new ransomware family employing advanced APT-style techniques, targeting Middle Eastern public sector and aviation organizations with tailored ransom demands. Its sophisticated attack chain, including DLL sideloading and process injection, underscores the growing convergence of ransomware and APT tactics.

Read More

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts