An Iranian APT referred to as Nimbus Manticore has evolved its techniques and tools for cyber intrusions targeting aviation and software companies, according to Check Point. The group, active since at least 2022 and believed to have ties to Iran's IRGC, employs tactics similar to those of North Korea's Lazarus Group. Recent activities include phishing campaigns that use AppDomain hijacking for payload delivery, with lures such as fake job offers used to infect targets with backdoors such as MiniJunk and MiniFast.
While the group has traditionally focused on the Middle East, recent operations indicate a shift towards U.S. organizations, further increasing concerns over its advanced capabilities and the persistent threat it poses.