New Iranian Malware Campaign Uncovered

An Iranian state-sponsored group is using new malware in a phishing and SEO poisoning campaign targeting companies in the U.S., Europe, and ME.

An Iranian state-sponsored hacking group, identified as Nimbus Manticore, is behind a new cyber campaign targeting organizations in the U.S., Europe, and the Middle East. The group is deploying two new malware strains, MiniFast and MiniJunk V2, using a combination of phishing emails and SEO poisoning. This technique involves manipulating search engine results to lead victims to malicious websites. The campaign uses lures that impersonate legitimate companies in the aviation and software sectors to trick employees into downloading the malware. This activity reportedly follows a joint U.S.-Israeli military operation in February 2026, highlighting the connection between geopolitical events and cyber threats.

This development provides critical threat intelligence for security teams and technical leaders. The use of SEO poisoning alongside phishing demonstrates an advanced effort to bypass traditional security defenses and gain initial access to corporate networks. For companies in the aviation and software industries, this represents a direct threat to intellectual property and operational security. Security teams should be aware of the specific malware names and the tactics used by Nimbus Manticore to enhance their detection and response capabilities. The campaign underscores the need for continuous employee training to recognize and report sophisticated social engineering attempts.