ThreatCluster

Iranian Hackers Use AppDomainManager Hijacking to Evade EDR Detection

First seen 1 Jun 2026, 21:22 UTC GbhackersCybersecuritynews 89% similarity 73

Article Content

Browse articles
ThreatCluster

Iranian hackers have employed AppDomainManager hijacking in .NET applications to disable security telemetry and evade endpoint detection and response (EDR) tools. This advanced technique is linked to the Iran-nexus group Screening Serpens and is combined with DLL sideloading and fake job lures. The campaign primarily targets organizations in the United States, Israel, and the United Arab Emirates, intensifying after a regional conflict that began on February 28, 2026. The attack's sophistication raises concerns about the effectiveness of current EDR solutions against such tactics. Specific numbers and CVEs were not disclosed in the articles, but the implications for affected systems are significant.

Key Points: • Iranian hackers are using AppDomainManager hijacking to bypass EDR tools. • The campaign targets organizations in the U.S., Israel, and the UAE, linked to a recent regional conflict. • This sophisticated attack method complicates detection and response efforts for cybersecurity teams.

ThreatCluster AI

Timeline

2026-02-28
Regional conflict begins
A conflict in the Middle East escalates, leading to increased cyber activity from Iranian hackers.
Cybersecuritynews
2026-06-01
Iranian hackers deploy AppDomainManager hijacking
Hackers use a sophisticated .NET technique to evade EDR detection, complicating cybersecurity efforts.
Gbhackers

Community

Browse all →