The article discusses Nimbus Manticore, an Iran-linked cyber threat group that intensified its operations during the U.S. military operation against Iran in early 2026. Researchers from Check Point reported that the group employed innovative tactics, including AI-assisted malware and SEO poisoning, to enhance its attack methods.
The campaign unfolded in three phases: (1) malicious career offers luring software and aviation employees to download a malware-laden ZIP file; (2) a trojanized Zoom installer distributed through fake meeting invites; (3) fake websites distributing malware through SEO manipulation instead of traditional phishing techniques. The group demonstrated advanced capabilities like AI-assisted code generation and sought to exploit vulnerabilities passively. Its targets were primarily organizations in Europe and the Middle East, and it recently expanded operations into the U.S. aviation sector.