Gbhackers
Iran-linked Screening Serpens Group Deploys MiniUpdate RAT via Azure C2
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The Screening Serpens group, linked to Iran, has initiated a targeted espionage campaign using a new remote access Trojan (RAT) named MiniUpdate. This campaign primarily targets technology professionals in the United States, Israel, and the United Arab Emirates. The attacks utilize Azure-hosted command and control (C2) domains, employing deceptive recruitment lures and fake software installers to distribute the malware. The campaign reportedly began in mid-February 2026 and has raised significant concerns among cybersecurity experts due to its sophisticated methods. Screening Serpens has been active since at least 2022, indicating a long-term strategic focus on espionage. The exact number of affected individuals or organizations remains unclear, but the implications for national security are substantial.
Key Points: • The Screening Serpens group is linked to Iran and has been active since 2022. • MiniUpdate RAT is deployed via Azure-hosted C2 domains using deceptive tactics. • The campaign targets professionals in the US, Israel, and the UAE, raising national security concerns.