The article discusses the resurgence of the Iranian IRGC-affiliated threat actor Nimbus Manticore during the U.S. military campaign against Iran, named Operation Epic Fury, which commenced on February 28, 2026. The threat actor's activity involved sophisticated techniques, including SEO poisoning as a malware delivery method and the deployment of a new backdoor dubbed MiniFast, which was built using AI-assisted development practices.
Key activities included career-themed phishing lures targeting the aviation and software sectors, the introduction of AppDomain hijacking techniques, and the use of a trojanized Zoom installer as part of the infection chain. The article also reveals how Nimbus Manticore is adapting its strategies to maintain operational effectiveness amid geopolitical tensions, highlighting its focus on high-profile sectors across the U.S., Europe, and the Middle East.