Fast and Furious - Nimbus Manticore Operations During the Iranian Conflict

May 25, 2026, 10:21 a.m.

Description

The Iranian IRGC-affiliated threat actor Nimbus Manticore launched sophisticated cyber operations during Operation Epic Fury, the US military campaign against Iran beginning February 28, 2026. The campaigns targeted organizations in aviation and software sectors across the United States, Europe, and Middle East using career-themed phishing lures. For the first time, the actor employed SEO poisoning techniques and introduced MiniFast, a previously undocumented backdoor showing signs of AI-assisted development. The operations leveraged AppDomain hijacking and abused legitimate Zoom installer execution flows for malware deployment. The actor demonstrated rapid adaptation capabilities during wartime conditions, maintaining high operational availability while expanding targeting to US-based aviation companies. Multiple campaign waves were observed from February through April 2026, with persistent infrastructure and evolving techniques.

External References

https://research.checkpoint.com/2026/fast-and-furious-nimbus-manticore-operations-during-the-iranian-conflict/
https://otx.alienvault.com/pulse/6a141fcbde28865faa897cb4
Tags
seo poisoning
minijunk
2026-05-25
appdomain hijacking
minifast
nimbus manticore
operation epic fury

Date

  • Created: May 25, 2026, 10:09 a.m.
  • Published: May 25, 2026, 10:09 a.m.
  • Modified: May 25, 2026, 10:21 a.m.

Indicators

  • a57ffb819fe8d98ff925c5d7b239598fe302acf5a13193d7a535040a71298fdf
  • 74882085db2088356ed7f72f01e0404a0a98cda88ef56fb15ce74c1f36b26d27
  • 2c214494fd0bad31473ca8adce78a4f50847876584571e66aadeae70827ec2dc
  • 332ba2f0297dfb1599adecc3e9067893e7cf243aa23aedce4906a4c480574c17
  • 8808c794c24367438f183e4be941876f1d3ecd0c8d2eb43b10d2380841d2283b
  • 44f4f7aca7f1d9bfdaf7b3736934cbe19f851a707662f8f0b0c49b383e054250
  • d4a7e9f107fe40c1a5d0139c6c6e25bf6bf57f61feff090bee28f476bb3cc3c2
  • 63d0d3c4a7f71bdbca720903d6a99b832089cc093c64d2938e7e001e56c17ab4
  • 9e4a658e6d831c9e9bdfe11884a75b7c64812ed0a80e8495ddf6b316505acac1
  • dfa1e3137a032ee8561a1cd5e1a0f71a10bebb36aef7c336c878638a9c1239ee
  • 0db36a04d304ad96f9e6f97b531934594cd95a5cea9ff2c9af249201089dc864
  • 10fd541674adadfbba99b54280f7e59732746faf2b10ce68521866f737f1e46d
  • f54cd38632ac9da3af3533ae93e92625cbcb04df521dbf1b6acfaa81218f9e8c
  • f08b17856616d66492a24dced27f788e235f35f42fa7cd10f315000d3a2f4c03
  • 0291ef318576953f7f3fe287e7775ed1d7c3206119dc7b9cd6d85c02779e6e40
  • 38bd137c672bd58d08c4f0502f993a6561e2c3411773d1ae57ee0151a0a9d11d
  • bc3b44154518c5794ce639108e7b9c5fecb0c189607a26de1aaed518d890c7ad
  • a13ba3c5aff46e9daf2d23df4b3e3d49dc7236c207c56f0a1433051f3450d441
  • 781605ce9d4a9869e846f6c9657d71437cb6240ab27ffbc4cd550c0e06996690
  • eee657ffdb2af8ed6412221e7d5fbf4f5742f2ac2c88f43f12db46af0697de71
  • 64530d7e6ee30e4a66d9eeed6b8595c33fd72f5f73409133ca40539e5695df4c
  • 43dc62cef52ebdd69e79f10015b3e13890f26c058325c0ff139c70f8d8eadcfa
  • 9cf029daca89523d917dafed0568d11d00e45ec96b5b90b4a1f7fd4018c7da84
  • b19e06da580cf91691eda066ac9ee4b09c6e5dc26c367af12660fe1f9306eec4
  • 485f182f7b74ea4013b2539275a95d21e3a9bf0082c331937af9353a324b36f3
  • ecaf493c320d201d285ef5f61d75744216e47cf1115b4af528f9a78883cc446e
  • 5c3362d20229597d11380f56d1f2eb39647fb6afad7be8392a7abcd18dff12f8
Download all indicators here!

Attack Patterns

  • MiniFast
  • MiniJunk
  • Nimbus Manticore

Additional Informations

  • Telecommunications
  • Technology
  • Aerospace
  • Defense
  • getsqldeveloper.com
  • buisness-centeral-transportation.com
  • business-startup.org
  • ramiltonsfinance.com
  • United Arab Emirates
  • Israel
  • Saudi Arabia
  • Australia
  • United States of America