Nimbus Manticore APT Targets Aerospace Sector with Fake Job Schemes

The Iranian-aligned threat group Nimbus Manticore has launched a cyber campaign targeting aerospace and defense organizations. This operation utilizes a fake recruitment portal to distribute custom malware via a sophisticated sideloading technique. The group, also known as UNC1549 and Smoke Sandstorm, has a history of targeting professionals in the aerospace and defense sectors, particularly across the Middle East and Europe. The attack leverages social engineering tactics to deceive victims into executing malware. Specific details about the malware's capabilities and the exact number of affected organizations have not been disclosed. The campaign is ongoing, and organizations in the targeted sectors are advised to remain vigilant against such deceptive tactics.

Key Points: • Nimbus Manticore uses fake job offers to deliver custom malware to aerospace firms. • The group is linked to Iran and has a history of targeting defense sectors in the Middle East and Europe. • The attack employs sophisticated sideloading techniques and social engineering.