Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Iranian Hackers Evade Detection with .NET Hijacking

Iranian Hackers Evade Detection with .NET Hijacking

Posted on June 1, 2026 By CWS

Iranian hackers have advanced their cyber-espionage tactics, employing a complex .NET hijacking strategy to bypass security systems. This technique has been used to infiltrate organizations in the United States, Israel, and the United Arab Emirates.

Intensified Campaign Linked to Regional Conflict

Following a regional conflict that commenced on February 28, 2026, an Iran-associated advanced persistent threat group has been aggressively targeting several countries. Known by names such as Screening Serpens, UNC1549, and Smoke Sandstorm, this group has been active since 2022. Initially focused on the Middle East, they have since extended their reach to Western Europe, particularly targeting high-value sectors like aerospace, defense, and telecommunications.

New Malware Variants Identified

Security researchers from Unit 42 have identified six new remote access Trojan (RAT) variants, categorized into two malware families: MiniUpdate and MiniJunk V2. These campaigns correlate with the timeline of the conflict, targeting the U.S. and Israel in late March, followed by the UAE and other Middle Eastern countries in mid-April 2026.

The infection typically begins with spear phishing, where victims are lured by what appear to be legitimate recruitment or video conferencing applications. Once the victim interacts with these files, a silent multi-stage infection chain grants attackers complete control over the compromised systems.

AppDomainManager Hijacking Technique

A significant innovation in this campaign is the use of AppDomainManager hijacking, where attackers modify legitimate configuration files during the initialization phase of .NET applications. This allows malicious code to execute early, often escaping detection by most security tools.

By inserting specific XML lines into the application’s configuration file, attackers disable critical security features such as Event Tracing for Windows (ETW). This method also circumvents strong-name signature validation, allowing unsigned DLL files to load without triggering alarms.

This approach is considered a sophisticated ‘living-off-the-land’ technique, as it relies on legitimate system components to disable defenses, enabling the payload to execute in an unmonitored environment.

Both the MiniUpdate and MiniJunk V2 families utilize social engineering tactics, such as fake job description documents and spoofed meeting invitations. These files are designed to appear authentic, fooling victims into executing the malicious content.

Security experts recommend enhancing EDR platforms to detect behaviors associated with DLL sideloading and AppDomainManager hijacking. Organizations in vulnerable sectors should remain vigilant against unsolicited job offers and meeting invites.

For more in-depth cybersecurity updates, follow us on Google News, LinkedIn, and X, and set CSN as your preferred news source.

Cyber Security News Tags:Aerospace, AppDomainManager hijacking, cyber espionage, Cybersecurity, Defense, EDR evasion, endpoint detection, Iranian hackers, Malware, MiniJunk V2, MiniUpdate, remote access trojan, social engineering, spear-phishing, Telecommunications

Post navigation

Previous Post: Pentagon’s AI Push Faces Military Leaders’ Concerns
Next Post: Dragos Enhances Cybersecurity with Phosphorus Acquisition

Related Posts

SIM Swapping Attacks on the Rise SIM Swapping Attacks on the Rise Cyber Security News
Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication Ubiquiti UniFi Door Access App Vulnerability Exposes API Management Without Authentication Cyber Security News
Hackers Exploit AI Platforms for Sophisticated Attacks Hackers Exploit AI Platforms for Sophisticated Attacks Cyber Security News
Google Forms Exploited in New PureHVNC Malware Attack Google Forms Exploited in New PureHVNC Malware Attack Cyber Security News
Instagram Started Using 1-Week Validity TLS certificates and Changes Them Daily Instagram Started Using 1-Week Validity TLS certificates and Changes Them Daily Cyber Security News
Vulnerable Water Systems Face Cyber Threats Vulnerable Water Systems Face Cyber Threats Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats
  • Daxin Malware Reappears in Taiwan with New Stupig Backdoor
  • Next.js Enhances Security with Monthly Update Program

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • JetBrains Fixes Critical Security Flaws in Key Products
  • Dutch Police Break Up €100 Million Fraud Network
  • AI Security Testing Evolves with New Threats
  • Daxin Malware Reappears in Taiwan with New Stupig Backdoor
  • Next.js Enhances Security with Monthly Update Program

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark