‌Based on a newly released article from the cybersecurity firm Unit 42, the advanced persistent-threat group Nimbus Manticore – which is linked to the Islamic Revolutionary Guard Corps – is carrying out a widespread new campaign against organizations in the aerospace and software development sectors located in the United States, Europe ande the Middle East.

It is worth noting that the group’s cyber activities began at the same time as the war involving Israel, the United States and Iran, and these activities demonstrate that the group’s technical and operational capabilities have only risen in the past few years.

Interestingly, Nimbus Manticore’s operations resemble those of other Iranian groups such as Smoke Sandstorm and Crimson Sandstorm. In this campaign, hackers have been observed employing new tactics and capabilities, and they are also using a new backdoor called MiniFast (also known as MiniUpdate). The report states that the Nimbus Manticore group, with the use of artificial intelligence, developed MiniFast.

Nimbus Manticore was previously associated with the “Iran Dream Job” campaign, in which the attackers offered fake job opportunities in the defense, aerospace and aviation sectors.