The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

Iranian Threat Actor Nimbus Manticore Expands Wartime Cyber Operations with AI-Assisted Malware and SEO Poisoning

Jun 1, 2026 3:01:24 PM / by The Hivemind posted in Threat Bulletin, IRGC cyber operations, Nimbus Manticore, MiniJunk malware, UNC1549, MiniFast malware, AppDomain Hijacking, Iranian cyber threats, aviation cyber threats, SEO poisoning

0 Comments

Verticals Targeted: Aviation, Defense, Telecommunications, Software Development, Government
Regions Targeted: US, Israel, UAE, Saudi Arabia, Western Europe, Middle East, Africa
Related Threat Actors: Nimbus Manticore
Related Families: MiniJunk, MiniFast

Executive Summary

IRGC-affiliated threat actor Nimbus Manticore significantly expanded its operational capabilities during the ongoing 2026 Middle East conflict, introducing a new backdoor dubbed MiniFast alongside advanced delivery mechanisms including AppDomain Hijacking, scheduled task abuse, and SEO poisoning. The campaign has targeted aviation, software, defense, and telecommunications organizations across the US, Europe, and the Middle East using phishing lures, Trojanized software installers, and stealth-focused persistence techniques designed to blend into legitimate enterprise activity.

Read More

Nimbus Manticore’s Evolving Cyberespionage Campaign

Sep 29, 2025 2:53:45 PM / by The Hivemind posted in Threat Bulletin, Telecommunications, Spear Phishing, malware obfuscation, DLL sideloading, Iranian APT, Nimbus Manticore, MiniJunk, MiniBrowse, defense manufacturing

0 Comments

Verticals Targeted: Defense Manufacturing, Telecommunications, Aerospace
Regions Targeted: Western Europe, Middle East
Related Families: MiniJunk, MiniBrowse

Executive Summary

Nimbus Manticore, an Iranian APT group, has intensified its cyberespionage campaign targeting defense, telecommunications, and aerospace sectors in Western Europe and the Middle East, deploying advanced malware such as MiniJunk and MiniBrowse via sophisticated spear-phishing and DLL sideloading techniques. The group’s focus on stealth, obfuscation, and resilient infrastructure underscores its alignment with IRGC strategic priorities.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More