Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Hackers Target Aviation with New Techniques

Iranian Hackers Target Aviation with New Techniques

Posted on May 26, 2026 By CWS

Iranian Hackers Employ New Strategies in Cyber Attacks

The Iranian cyber threat group known as Nimbus Manticore has launched a new wave of attacks, targeting the aviation and software industries in the U.S., Europe, and the Middle East. These attacks follow a joint military operation against Iran earlier in 2026, showcasing advanced tactics and the use of a novel backdoor named MiniFast. Cybersecurity firm Check Point highlighted these developments in a recent report.

Advanced Techniques Unveiled

Nimbus Manticore, associated with Iran’s Islamic Revolutionary Guard Corps, is notorious for its focus on defense and telecommunications sectors, often using phishing tactics disguised as career opportunities. Recent activities indicate a shift in their methods, with the introduction of AppDomain hijacking to distribute malware like MiniJunk and MiniFast. Notably, search engine optimization (SEO) poisoning has been employed to propagate a compromised version of Oracle’s SQL Developer software.

These campaigns have evolved, with the latest attacks in March involving a compromised Zoom installer, further exploiting AppDomain hijacking to deploy MiniFast. This campaign is believed to be part of a larger phishing effort using deceptive meeting invitations.

AI-Assisted Malware Development

Evidence suggests that Nimbus Manticore has utilized AI tools in crafting MiniFast, indicated by its complex error handling and modular structure. This new backdoor allows for comprehensive system control, including remote command execution, file operations, and privilege escalation. Such capabilities enable the group to maintain persistent access and execute a variety of commands on compromised systems.

The group has also been observed setting up fake websites to distribute malware, marking a departure from its typical phishing tactics. Check Point noted this approach as a significant deviation, aiming to enhance site visibility through SEO techniques.

Broader Implications and Future Outlook

Nimbus Manticore’s activities reflect a growing trend among Iranian threat actors to adopt methods reminiscent of North Korean cyber operations, focusing on social engineering and personalized lures. This strategy has allowed them to exploit individuals within targeted organizations effectively.

The group’s persistence and adaptability amid regional conflicts demonstrate their capacity to sustain and enhance operations. The ongoing campaigns raise concerns about potential impacts on critical infrastructure, as evidenced by recent reports of attacks on gas station systems in the U.S.

As these cyber threats continue to evolve, it is crucial for organizations to remain vigilant and adopt robust cybersecurity measures. Staying informed about emerging tactics can help mitigate risks and protect sensitive information from sophisticated cyber adversaries.

The Hacker News Tags:AI in hacking, AppDomain hijacking, aviation sector, cyber espionage, cyber threats, Cybersecurity, Iranian hackers, MiniFast, MiniJunk, Nimbus Manticore, Phishing, phishing campaigns, SEO poisoning, Software Security, SQL Developer malware

Post navigation

Previous Post: Phishing Attacks Exploit RCS and iMessage to Evade Security
Next Post: Payload Ransomware Threatens Global Systems with Advanced Encryption

Related Posts

PCPJack Compromises Cloud Systems Using 5 CVEs PCPJack Compromises Cloud Systems Using 5 CVEs The Hacker News
DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide The Hacker News
Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet The Hacker News
Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands The Hacker News
Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage Chinese Hackers Murky, Genesis, and Glacial Panda Escalate Cloud and Telecom Espionage The Hacker News
BKA Unveils Key Figures in REvil Ransomware Operations BKA Unveils Key Figures in REvil Ransomware Operations The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Gateways: Emerging Targets for Cyber Attacks
  • Hacker Server Leak Unveils Massive WordPress Breach
  • Critical Linux FUSE Flaw Allows Root Access
  • Laser Pulse Vulnerability in Tangem Wallets Exposes Security Risks
  • Critical GNU Guix Vulnerabilities Permit Remote Attacks

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark