Iranian state-aligned hackers, known as Nimbus Manticore, have targeted the US aviation sector through a sophisticated phishing and SEO poisoning campaign. The group, linked to the Iran Revolutionary Guard Corps (IRGC), shifted tactics by using a counterfeit download page imitating Oracle's SQL Developer tool. This marks a departure from the group's typical phishing methods, which involved impersonating legitimate aviation firms.
The campaign introduced a new backdoor named MiniFast, whose code shows signs of AI-assisted development. This activity occurred against the backdrop of increasing tensions between the US and Iran.